Search found 30 matches
- Mon Jul 19, 2010 4:52 am
- Forum: [3.x][Archive] RFCs
- Topic: [RFC|Accepted] Updated BBcode engine
- Replies: 146
- Views: 250340
Re: [RFC] Updated BBcode engine
I've committed some more updates. A tentative idea I have for the ACP interface is this: people can add whatever attributes they see fit (close, replace, replace_func, etc). If they do something like replace_func they'll be presented with a dropdown menu where they can select from the currently ...
- Fri Jun 18, 2010 3:36 am
- Forum: [3.x][Archive] RFCs
- Topic: [RFC|Accepted] Updated BBcode engine
- Replies: 146
- Views: 250340
Re: [RFC] Updated BBcode engine
Hey Jim, can you please rename your branch to the proper feature/bbcode (or whatever you want to call the feature). Make sure there is a ticket for this on the tracker and then please use git rebase to edit your commit messages to conform with http://wiki.phpbb.com/display/DEV/Git. Thanks.
It ...
It ...
- Thu Jun 03, 2010 11:55 am
- Forum: [3.x][Archive] RFCs
- Topic: [RFC|Accepted] Updated BBcode engine
- Replies: 146
- Views: 250340
Re: [RFC] Updated BBcode engine
Hey Jim, can you please rename your branch to the proper feature/bbcode (or whatever you want to call the feature). Make sure there is a ticket for this on the tracker and then please use git rebase to edit your commit messages to conform with http://wiki.phpbb.com/display/DEV/Git. Thanks.
It ...
It ...
- Thu May 20, 2010 9:24 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC] Javascript password protection
- Replies: 14
- Views: 43129
Re: [RFC] Javascript password protection
I count 50 kb of javascript code being referenced here and I see references to php libraries for performing cryptography. Who audited all this code and where is a guarantee that it does not have a bug that would allow someone to login with an incorrect password, or with no password?
All the ...
All the ...
- Thu May 20, 2010 6:11 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC] Javascript password protection
- Replies: 14
- Views: 43129
Re: [RFC] Javascript password protection
At least not for the average attacker. And what about average user:
1. Will password masters work in such cases?
If encrypted onsubmit then yes.
2. What about JavaScript-disabled browsers?
No.
3. What about CLDC devices? Will they have enough resources to perform encryption? Native browsers ...
1. Will password masters work in such cases?
If encrypted onsubmit then yes.
2. What about JavaScript-disabled browsers?
No.
3. What about CLDC devices? Will they have enough resources to perform encryption? Native browsers ...
- Mon May 17, 2010 10:53 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC] Javascript password protection
- Replies: 14
- Views: 43129
Re: [RFC] Javascript password protection
Additional protection through encryption is reliable. But there is one but.
Encoder (your code) is delivered to end user through the same channel, by which will be transferred encrypted password(which is completely controlled by attacker in any case). What prevents an attacker to completely ...
Encoder (your code) is delivered to end user through the same channel, by which will be transferred encrypted password(which is completely controlled by attacker in any case). What prevents an attacker to completely ...
- Mon May 17, 2010 8:40 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC] Javascript password protection
- Replies: 14
- Views: 43129
[RFC] Javascript password protection
Currently, unless you're using SSL/TLS, phpBB submits passwords in plaintext when users login. This isn't much of a problem unless you're on a potentially hostile network (ie. maybe a coffee shop where there's an evil twin or something) but if it is a problem then the phpBB Javascript Password ...
- Mon May 17, 2010 8:30 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC|Accepted] Updated BBcode engine
- Replies: 146
- Views: 250340
[RFC|Accepted] Updated BBcode engine
The feature/ascraeus-experiment branch has, among other things, a rewritten BBcode parser that protects against structurally invalid BBcodes. The proposal here is to integrate that parser into the regular develop branch.
To do so, fairly extensive changes to the feature/ascraeus-experiment parser ...
To do so, fairly extensive changes to the feature/ascraeus-experiment parser ...
- Wed Mar 17, 2010 7:54 pm
- Forum: [3.0/Olympus] Discussion
- Topic: PECL BBCode Extension
- Replies: 10
- Views: 27256
Re: PECL BBCode Extension
Looking at the bbcode_create() example , I see that the BBCode only permits [b] and [i] as children.
[code][url=http://www.google.com][img]http://www.google.com/images/firefox/personas.png[/img] [/code]
The flip side, of course, is that you also can't use the BBCode to produce broken HTML like ...
[code][url=http://www.google.com][img]http://www.google.com/images/firefox/personas.png[/img] [/code]
The flip side, of course, is that you also can't use the BBCode to produce broken HTML like ...
- Wed Mar 10, 2010 11:44 pm
- Forum: [3.x][Archive] RFCs
- Topic: [RFC] Secure Automatic Upgrades
- Replies: 21
- Views: 48976
Re: [RFC] Secure Automatic Upgrades
Incidentally, I was thinking about the public key and... maybe it'd be best to use a pgp / gpg formatted public key. The advantage of that is that easily available command line tools can be used to generate signatures and verify signatures (if you don't want phpBB to auto-upgrade). The disadvantage ...