Search found 6 matches
- Tue Jan 11, 2011 10:47 pm
- Forum: [3.x] Discussion
- Topic: X-Frame-Options (response header) - security
- Replies: 2
- Views: 5555
X-Frame-Options (response header) - security
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. https://developer.mozilla.org/en/...
- Thu Dec 30, 2010 11:20 am
- Forum: [3.x] Discussion
- Topic: Content Security Policy (CSP) - security
- Replies: 4
- Views: 7331
Content Security Policy (CSP) - security
Firefox 4 Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. Enabling CSP is as easy as configuring your web server to return the X-Content-Security-Policy HTTP heade...
- Fri Feb 06, 2009 11:04 pm
- Forum: phpBB 3.0.x Support
- Topic: SPAMBOTS - how can we stop them - read FIRST post.
- Replies: 234
- Views: 501433
Re: SPAMBOTS - how can we stop them - read FIRST post.
Don't know where to do this, made this recently, first time I've posted it. Spam blacklist made simple. Purpose: Block blacklisted spam IPs from registering. With a minimalist approach. The IPs are checked right before the new user is added to the DB, and after all the input is checked and OK. Spam bo...
- Fri Feb 06, 2009 8:22 pm
- Forum: [3.0/Olympus] Discussion
- Topic: [Discussion] Downtime and Server Compromise
- Replies: 353
- Views: 517563
Re: [Discussion] Downtime and Server Compromise
Have/will the users with old password hashes be emailed? rusty105: instead of a username, it's a random number; this random number is different for each user, and stored for each user. So yeah, different on 2 different sites. See for yourself: phpBB3/includes/functions.php find: function phpbb_hash($...
- Fri Feb 06, 2009 8:00 pm
- Forum: [3.0/Olympus] Discussion
- Topic: [Discussion] Downtime and Server Compromise
- Replies: 353
- Views: 517563
Re: [Discussion] Downtime and Server Compromise
normalhash(password1) equals normalhash(password1)
but
normalhash(username1 + password1) does not equal normalhash(username2 + password1)
(phpbb3 method is more complicated than this and does not use the username)
normalhash(username1 + password1) equals normalhash(username1 + password1)
but
normalhash(username1 + password1) does not equal normalhash(username2 + password1)
(phpbb3 method is more complicated than this and does not use the username)
normalhash(username1 + password1) equals normalhash(username1 + password1)
- Thu Feb 05, 2009 6:38 pm
- Forum: [3.0/Olympus] Discussion
- Topic: [Discussion] Downtime and Server Compromise
- Replies: 353
- Views: 517563
Re: [Discussion] Downtime and Server Compromise
Idea: (assumption: old hashes are exactly the same phpbb2 -> phpbb3) a third type of password hash for phpbb3. This new hash will store OLD hash in a more secure manner, same way as current (phpbb3) hashes but an extra flag to indicate that the OLD hash must be applied before applying the current hash ...