Dayo Posted May 4, 2010
I only read the 1st post, but instead of showing them to secure McCodes why not just have an article on securing their coding? It would be better to teach owners rather than to show them to put 1 thing here and another here etc...
Djkanna (Author) Posted May 4, 2010
You have to understand this would be an article based on PHP security; sure, we may point out flaws within the McCode script and give solutions on how to fix the flaw in question.[....] :)
Nicholas Posted May 4, 2010
Why not get someone to secure your game, then read the codes and learn how I learnt how to secure. If I didn't hire anyone to secure my game, I wouldn't really know anything about security.
Danny696 Posted May 4, 2010
I've learnt all my security from people on here, but mainly Dev-Forums.
Dominion Posted May 4, 2010
> I've learnt all my security from people on here, but mainly Dev-Forums.

Dev-forums + php.net and pre-made, already secure scripts. Try a recode of the unsecure base and see what they did that you missed; works well, I think. See something you don't know about? Go to php.net.
Djkanna (Author) Posted May 4, 2010
I learnt what I know about PHP security from Magictallguy, CrazyT and of course the PHP manual ;)
a_bertrand Posted May 5, 2010
McCode suffers from common PHP mistakes, which are basically mistakes of programmers not thinking about how annoying some visitors can be.

The first rule for a secure website / game is NEVER TRUST USER INPUT. That simply means, check EVERY SINGLE value you receive from the net / user, including cookies, GET and POST. But that's not limited to avoiding SQL injections or XSS (where somebody places some JavaScript into the text). Imagine you offer a "mailbox" system where you can have private messages: well, don't accept the ID of the message via GET or via POST, as it could have been changed. So check if the current user really has access to the message before showing it. And this is just a little example.

For more details, check the web, for example: http://www.addedbytes.com/writing-secure-php/

How does that apply to McCode? Well, it pretty much applies to ANY website, and McCode as well. The only thing is, you will need to dig into every PHP file and see if all the parts which could be directly or indirectly modified by the users are checked. I'm sure every one of us always forgets something... and this is how websites get hacked.
CrazyT Posted May 5, 2010
[...]
$_GET['ID'] = ( isset($_GET['ID']) && is_string($_GET['ID']) && ctype_digit($_GET['ID']) ) ? $_GET['ID'] : '' ;
$_POST['qty'] = ( isset($_POST['qty']) && is_string($_POST['qty']) && ctype_digit($_POST['qty']) ) ? $_POST['qty'] : '' ;
[...]

BTW, is_string() isn't needed here.
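
An added example (not code from any post in this thread) that combines the two points above: the ctype_digit() filtering of request IDs, and checking that the current user really has access to a mailbox message before showing it. The `mail` table, its columns and the function names are assumptions made for illustration, not McCode's own schema, and the sample rows are constructed.

```php
<?php
// Added example: table, column and function names are hypothetical, not McCode's schema.

/** Return the ID as an int if it is a plain decimal string, else null. */
function clean_id($raw): ?int
{
    // Request values may be arrays (?ID[]=1); accept only short, non-empty digit strings.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

/** Fetch a message only if it belongs to the logged-in user. */
function fetch_message(PDO $db, int $userId, $rawId): ?array
{
    $id = clean_id($rawId);
    if ($id === null) {
        return null;
    }
    // Ownership is part of the query: a valid ID for someone else's mail finds nothing.
    $stmt = $db->prepare('SELECT id, subject, body FROM mail WHERE id = ? AND recipient_id = ?');
    $stmt->execute([$id, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mail (id INTEGER PRIMARY KEY, recipient_id INTEGER, subject TEXT, body TEXT)');
$db->exec("INSERT INTO mail VALUES (1, 10, 'Hi', 'For user 10'), (2, 20, 'Secret', 'For user 20')");

$loggedInUser = 10; // would come from the session, never from the request
foreach (['1', '2', '1 OR 1=1', ['1'], '-1'] as $requested) {
    $msg = fetch_message($db, $loggedInUser, $requested);
    // htmlspecialchars() on output covers the XSS case mentioned in the same post.
    echo json_encode($requested), ' => ',
        $msg ? htmlspecialchars($msg['subject'], ENT_QUOTES, 'UTF-8') : 'not found', "\n";
}
```

Only the first request returns a message; the second ID is well-formed but belongs to another user, and the remaining three fail validation before any query runs.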
Djkanna (Author) Posted November 16, 2010
It's a shame this never really took off. :/
Dominion Posted November 20, 2010
Same as everything else, if it was done people would use it, however few are willing to put the time into making it. If you want to do something like this still then get a list of people willing to make time for it and give them all one thing to write about. Less time should mean more people are willing to help out. The only real downside would be lots of different code styles popping up in one article. If that does not work then it will be a short article, however still there for people to learn the basics.