Old 04-08-2003, 10:37 AM  
JDog
Confirmed User
 
Join Date: Feb 2003
Location: Canby, OR
Posts: 7,453
Quote:
Originally posted by Nick

What is the best defense?

No Replies.. hmmm.. I didn't think there would be any.. Looks like a fix-it script would make bank!!!

The huge security holes remind me of what started all the password sites..
There is no real defense. What I had to do for our plugin page is make a lock and key script. I made a script that made an md5 encrypted hash. It had the user's class C IP address, and then it took the day of the month (30) and the hour (1-24). The script is put on the client's computer, i.e. teeniestars.com, and then whenever a user clicks on that script it makes the hash and sends it over in a variable userid. When they get to our server, our server takes that information, the class C, hour and day of the month, md5s it and compares both of them. That way nobody could have the same identical user IDs at the same time.

HTTP referring doesn't work. Not every browser sends the same referer information. Some don't send any information at all. So that isn't the best way to go.

JDog
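The lock and key check described in the post above, as an added Python example that is not the poster's script. `md5_token` follows the post (MD5 over class C, day of month and hour); `hmac_token`, the `SECRET` key, the `|` separator, the one-hour grace window and all function names are assumptions added here, with HMAC-SHA256 swapped in so the value depends on a key only the two sites hold.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

SECRET = b"constructed-demo-secret"  # assumption: key shared by both sites; not in the post


def class_c(ip: str) -> str:
    """First three octets of an IPv4 address (the 'class C' the post refers to)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(octets[:3])


def _fields(ip: str, when: datetime) -> bytes:
    # The "|" separator is an assumption; the post does not say how fields are joined.
    return f"{class_c(ip)}|{when.day}|{when.hour}".encode()


def md5_token(ip: str, when: datetime) -> str:
    """The scheme as the post describes it: MD5 over class C, day of month, hour."""
    return hashlib.md5(_fields(ip, when)).hexdigest()


def hmac_token(ip: str, when: datetime) -> str:
    """Keyed variant (swapped-in technique): HMAC-SHA256 over the same fields."""
    return hmac.new(SECRET, _fields(ip, when), hashlib.sha256).hexdigest()


def verify(userid: str, ip: str, now: datetime, make=hmac_token, grace_hours: int = 1) -> bool:
    """Receiving side: recompute for the current hour and, so a click made just
    before the hour rolls over still validates, for grace_hours earlier hours."""
    for back in range(grace_hours + 1):
        expected = make(ip, now - timedelta(hours=back))
        if hmac.compare_digest(expected.encode(), userid.encode()):
            return True
    return False


if __name__ == "__main__":
    clicked = datetime(2003, 4, 8, 10, 59)  # constructed sample times and addresses
    arrived = datetime(2003, 4, 8, 11, 0)
    token = hmac_token("203.0.113.57", clicked)
    print("same class C, next hour:", verify(token, "203.0.113.200", arrived))
    print("no grace window:", verify(token, "203.0.113.200", arrived, grace_hours=0))
    print("different class C:", verify(token, "198.51.100.9", arrived))
```

Without the grace window, a token generated at 10:59 is rejected at 11:00, because the hour is part of the hashed input.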