Search found 6 matches

by Posts
Tue Jan 11, 2011 10:47 pm
Forum: [3.x] Discussion
Topic: X-Frame-Options (response header) - security
Replies: 2
Views: 5555

X-Frame-Options (response header) - security

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. https://developer.mozilla.org/en/...
by Posts
Thu Dec 30, 2010 11:20 am
Forum: [3.x] Discussion
Topic: Content Security Policy (CSP) - security
Replies: 4
Views: 7331

Content Security Policy (CSP) - security

Firefox 4 Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. Enabling CSP is as easy as configuring your web server to return the X-Content-Security-Policy HTTP heade...
by Posts
Fri Feb 06, 2009 11:04 pm
Forum: phpBB 3.0.x Support
Topic: SPAMBOTS - how can we stop them - read FIRST post.
Replies: 234
Views: 501433

Re: SPAMBOTS - how can we stop them - read FIRST post.

don't know where to do this, made this recently, first time i've posted it Spam blacklist made simple Purpose: Block blacklisted spam IPs from registering. With a minimalist approach. The IPs are checked right before the new user is added to the DB, and after all the input is checked and OK. Spam bo...
by Posts
Fri Feb 06, 2009 8:22 pm
Forum: [3.0/Olympus] Discussion
Topic: [Discussion] Downtime and Server Compromise
Replies: 353
Views: 517563

Re: [Discussion] Downtime and Server Compromise

have/will the users with old password hashes be emailed? rusty105: instead of a username, its a random number, this random number is different for each user, and stored for each user. so yeah, different on 2 different sites see for your self: phpBB3/includes/functions.php find: function phpbb_hash($...
by Posts
Fri Feb 06, 2009 8:00 pm
Forum: [3.0/Olympus] Discussion
Topic: [Discussion] Downtime and Server Compromise
Replies: 353
Views: 517563

Re: [Discussion] Downtime and Server Compromise

normalhash(password1) equals normalhash(password1)

but
normalhash(username1 + password1) does not equal normalhash(username2 + password1)
(phpbb3 method is more complicated than this and does not use the username)

normalhash(username1 + password1) equals normalhash(username1 + password1)
by Posts
Thu Feb 05, 2009 6:38 pm
Forum: [3.0/Olympus] Discussion
Topic: [Discussion] Downtime and Server Compromise
Replies: 353
Views: 517563

Re: [Discussion] Downtime and Server Compromise

Idea: (assumption: old hashs are exactly the same phpbb2 -> phpbb3) a third type of password hash for phpbb3 this new hash will store OLD hash in a more secure manner, same way as current(phpbb3) hashes but an extra flag to indicate that the OLD hash must be applied before applying the current hash ...