[extreme optimizing]
Now, security problem arise when i hardcoded querying phpbb_config on EVERY page (in common.php) to simple php array because there is one variable... rand_seed... when its hardcoded its constant but when its not hardcoded it is changing on every page view. Now all i know its used while generating new passwords probably, coul we trick this like this?
current (constant) rand_seed hardcoded in php array:
$board_config = Array (
config_values...
'rand_seed' => '0314027335b60fdcdcffdac0ee1fd8ea',
config_values...
);
So now rand_seed will not be grabbed from database on every page view but just generated from function on every page view.this trick will solve this?
$board_config = Array (
config_values...
'rand_seed' => rand_seed(),
config_values...
);
Additionaly i could save second query, UPDATE rand_seed value to database on every page view from rand_seed function.
Can i make this 2 modifications without putting our forum on security risk? I am loosing anything on such solution?
Hope everybody understand.
Regards
PS
If this would make security problems, maybe this hack, update rand_seed every ~3 page refreshes, not 1.
if (mt_rand(1,3) == 1) {
dss_rand_function_body
}
This would refresh rand_seed in database not every refresh of page but every 3 refreshes of page.
