gameboyz Posted July 25, 2009

http://fabcode.org/secureshare

Basically I need some volunteers to help test it for bugs, and to see if it's secure enough. Please try methods like SQL injection and others, I need to know how to improve it.

Secondly is there any way to write an automated script that purges database content older than say, 30 days?

Synook Posted July 25, 2009

Umm, I don't have any image URLs under 13 characters.

For the automation, look at Cron Jobs.

gameboyz Posted July 25, 2009

> Umm, I don't have any image URLs under 13 characters.
> For the automation, look at Cron Jobs.

Sorry for the confusion.

The 13 characters thing you see on the home page is the ID. To generate an ID you have to go to http://fabcode.org/secureshare/generate

Currently only tinypic-hosted images ending with .jpg are supported, it's a bug (my badness) and I'm working on supporting EVERY file extension that tinypic allows.

For the image URL just use http:// xxx.tinypic.com/ xxxxxx.jpg it works.

Of course I'd appreciate if you could try to hack the system in any way possible, that just goes towards securing the whole site even more.

Synook Posted July 25, 2009

I think I'm still missing something

gameboyz Posted July 25, 2009

> I think I'm still missing something

Google Chrome, smart choice :)

Hmm... a form is supposed to appear using jQuery's show() function when you click on the radio buttons (using the onclick event).

Works in Firefox and IE...

gameboyz Posted July 25, 2009

Okay anyway any general precautions to securing a site against common methods of hacking?

edit: How do you write a script such that: If it encounters an error, it runs die("Error message here"); , execution of other "success" strings are stopped but the HTML tags are unaffected so the HTML structure still flows smoothly instead of like, being cut off halfway so there is no end tags for half the elements.

Synook Posted July 25, 2009

To prevent SQL injection, you use mysql_real_escape_string() on things put in the database.

For the errors, you just echo something, and use if ... else:

    //code...
    if ($bad) {
        echo "error message";
    } else {
        echo "success message";
    }
    //code...

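The two suggestions in the answer above, combined in one script, as an added example that is not code from the thread: it uses PDO prepared statements rather than mysql_real_escape_string() (the mysql_* functions were removed in PHP 7) and returns errors to an if ... else so the closing tags are always printed. The shares table, its columns, the hex ID alphabet and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names are
// assumptions; an in-memory SQLite database keeps the script self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shares (id TEXT PRIMARY KEY, url TEXT NOT NULL)');

// Returns a list of error messages; an empty list means the row was stored.
function add_share(PDO $db, string $id, string $url): array
{
    $errors = [];
    // The thread gives 13-character IDs; the hex alphabet is an assumption.
    if (!preg_match('/\A[0-9a-f]{13}\z/', $id)) {
        $errors[] = 'Invalid ID.';
    }
    // Allow-list for the "tinypic-hosted .jpg" rule stated in the thread.
    if (!preg_match('#\Ahttp://[a-z0-9]+\.tinypic\.com/[a-z0-9]+\.jpg\z#i', $url)) {
        $errors[] = 'Only tinypic .jpg URLs are accepted.';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep the values out of the SQL text, so the query stays
    // safe even if the checks above are later loosened.
    $stmt = $db->prepare('INSERT INTO shares (id, url) VALUES (?, ?)');
    $stmt->execute([$id, $url]);
    return [];
}

// Constructed sample input: one valid share, one URL carrying a quote.
$inputs = [
    ['4a6b1c2d3e4f5', 'http://i25.tinypic.com/abc123.jpg'],
    ['4a6b1c2d3e500', "http://i25.tinypic.com/a.jpg' OR '1'='1"],
];
echo "<ul>\n";
foreach ($inputs as [$id, $url]) {
    $errors = add_share($db, $id, $url);
    // if ... else instead of die(): the closing </ul> is always sent.
    if ($errors) {
        echo '<li>Error: ' . htmlspecialchars(implode(' ', $errors)) . "</li>\n";
    } else {
        echo '<li>Stored ' . htmlspecialchars($id) . "</li>\n";
    }
}
echo "</ul>\n";
```
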
clonetrooper9494 Posted July 25, 2009

I know this may be the wrong place to post this since it has nothing to do with PHP, but with that Google Chrome issue above, try adding an onclick event instead of onfocus.

gameboyz Posted July 26, 2009

> To prevent SQL injection, you use mysql_real_escape_string() on things put in the database.
> For the errors, you just echo something, and use if ... else:
>
>     //code...
>     if ($bad) {
>         echo "error message";
>     } else {
>         echo "success message";
>     }
>     //code...

Okay thanks! The 2nd part, didn't occur to me before lol!

I might be aborting this secureshare idea for something more practical.. hmm

This topic is now archived and is closed to further replies.