Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
Keeping CMS secure
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="JayC" data-source="post: 435890" data-attributes="member: 36373"><p>You just need to make sure you properly filter everything , even coming from the database and being outprinted. </p><p></p><p>One of the mistakes in RevCMS is they use templates such as {server_ip} - and if a user sets this as their motto, or manage to put it in the database where it somewhere gets loaded on the CMS, it will show their server ip, so its important to filter everything!</p><p></p><p>You should also be double checking permissions.</p><p></p><p>Another way to ensure security - is to have 2 different database accounts. One that only has permissions to RETRIEVE and INSERT information, but not delete , truncate, or change for the basic cms,</p><p></p><p>and then on the housekeeping you can have another account that allows updates.</p></blockquote><p></p>
[QUOTE="JayC, post: 435890, member: 36373"] You just need to make sure you properly filter everything , even coming from the database and being outprinted. One of the mistakes in RevCMS is they use templates such as {server_ip} - and if a user sets this as their motto, or manage to put it in the database where it somewhere gets loaded on the CMS, it will show their server ip, so its important to filter everything! You should also be double checking permissions. Another way to ensure security - is to have 2 different database accounts. One that only has permissions to RETRIEVE and INSERT information, but not delete , truncate, or change for the basic cms, and then on the housekeeping you can have another account that allows updates. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
Keeping CMS secure
Top