MakeWebGames

Posted

Re: protection mccodes v2

My first tip is to not open a game until you know and have had your game tested against SQL injections and any bugs inside the coding of each script and mod you put on.

Second tip is to use the forum search function. You find pages like this: http://criminalexistence.com/ceforums/index.php?topic=24802.msg140130;topicseen#msg140130

Third tip is to pick up a book and find a few tutorials online on how to secure PHP.

Guest Sniko`
Posted

Re: protection mccodes v2

Try sprintf() on the SQL in the code; it will slow it down, but it will help.

Try using placeholders such as %s in the SQL.

Learn from more experienced coders' posts, such as HD, Karlos, Mtg.

Thanks

Sniko

Guest Sniko`
Posted

Re: protection mccodes v2

sprintf() is not for securing. Get that out your head now. It's only for formatting a string.

Righty oh lol, people started using it when people started securing their mods, so I thought it was lol.

Posted

Re: protection mccodes v2

lol. Your first step is http://www.php.net

Second, look up the variables:

http://php.net/mysql_escape_string

http://php.net/strip_tags

http://php.net/htmlentities

No use securing $_POST and $_GET without changing

$_SERVER['HTTP_X_FORWARDED_FOR']

to

$_SERVER['REMOTE_ADDR'];

as HTTP_X_FORWARDED_FOR can be spoofed to result in an SQL injection point.

Anything using $_POST['input'] that goes to the database can be manipulated to screw up your website.

e.g.:


What I can do is put my facing IP as 1.1.1.1', user_level='2

Same thing with POST variables:


Will result in an attack.
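To make the fix described in this post concrete, here is an added example (not code from the thread or from mccodes) that reads the client IP from REMOTE_ADDR only, validates it, and writes it with a PDO prepared statement so the header text can never be parsed as SQL. It assumes a PHP build with the PDO sqlite driver (an in-memory table stands in for the MySQL users table) and uses the spoofed header value quoted above as constructed request data.

```php
<?php
// Added example: safe client-IP handling for a game script.
// Assumes PDO with the sqlite driver; the in-memory DB stands in for MySQL.

// REMOTE_ADDR is set by the web server itself. HTTP_X_FORWARDED_FOR is sent
// by the client and must be ignored unless a trusted reverse proxy sets it.
function client_ip(array $server): ?string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    // Reject anything that is not a literal IPv4/IPv6 address.
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? null : $ip;
}

// Bound parameters instead of string concatenation: the value travels
// separately from the SQL text, so quotes inside it cannot end the literal.
function store_last_ip(PDO $db, int $userId, string $ip): void
{
    $stmt = $db->prepare('UPDATE users SET lastip = :ip WHERE userid = :id');
    $stmt->execute([':ip' => $ip, ':id' => $userId]);
}

// --- demonstration on a constructed in-memory table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, lastip TEXT, user_level INTEGER)');
$db->exec("INSERT INTO users VALUES (1, '', 1)");

// Constructed request: the forwarded header carries the payload quoted in the post.
$request = [
    'REMOTE_ADDR'          => '203.0.113.5',
    'HTTP_X_FORWARDED_FOR' => "1.1.1.1', user_level='2",
];

// 1. The forwarded header is never consulted, so its contents are not used at all.
$ip = client_ip($request);
if ($ip !== null) {
    store_last_ip($db, 1, $ip);
}

// 2. Defence in depth: even if the raw header were passed through, the prepared
//    statement stores it as plain text and the user_level column is not touched.
store_last_ip($db, 1, $request['HTTP_X_FORWARDED_FOR']);

$row = $db->query('SELECT lastip, user_level FROM users WHERE userid = 1')
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

Compare this with interpolating $_SERVER['HTTP_X_FORWARDED_FOR'] straight into the query string, which is exactly the pattern the post above is warning about.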

Posted

Re: protection mccodes v2

Yes, everyone is posting that sprintf does not secure code. People think it's good; it makes the code slow, but it's their style of coding.

Posted

Re: protection mccodes v2

Yes, everyone is posting that sprintf does not secure code. People think it's good; it makes the code slow, but it's their style of coding.

sprintf() is for formatting a string, not for securing /:

Posted

Re: protection mccodes v2

Learn from your mistakes. Just listening to other people telling you what functions to use won't help you in any way. You need to know why you are using those functions, what exactly they are doing and when you should use them.

Being hacked is not a bad thing, because it's another opportunity to learn.

Check your logs to see what happened. When did it happen? Who? How? If you log everything properly, you'll be able to find out exactly what happened, and how you can fix it, and then you can make sure it never happens again.

But of course... it will also do you some good to read up on common security holes.

Some Google keywords:

xss

sql injection

csrf

wikipedia

This website looks quite informative, but I don't know, I haven't read it myself: http://php.robm.me.uk/
