External readingof PM’s?
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=10170
Printed Date: 08 April 2026 at 7:00am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: External readingof PM’s?
Posted By: SilverFaery
Subject: External readingof PM’s?
Date Posted: 27 April 2004 at 12:15pm
|
I've just been told that it is possible to access the PM system from an external source? I use SQL and stopped using Access after a hacking incident, so I didn't believe this to be possible in a secure SQL enviroment. It would really undermine my trust in this forum script and I don't want that. Plz let me know if it's true... |
Replies:
Posted By: dj air
Date Posted: 27 April 2004 at 4:36pm
|
you'll need bruce to verify this but i would think it is not accessable.. as you need to login to the SQL server, also return the certain values. and the security measures in this script are top notch... every hacking access is protected to the forums best abilaties... where did you hear this, are you sure they didn't mean you can have an external pm service on the website outside the forum but on the same website. |
Posted By: SilverFaery
Date Posted: 27 April 2004 at 4:48pm
|
I was told this by a guy in a discussion about privacy of PM's. He claimed that he could get the PM's from the SQl from a single string. It sounds too unbelievable but he refered to the code. |
Posted By: thekiwi
Date Posted: 27 April 2004 at 5:06pm
WWF is pretty well proteced from injection attacks. Ive also tried calling someone elses PM ID when logged in as another user .. and that didn't work either. Be interested to see this demonstrated rather than just talked about :-) ------------- Cheers TheKiwi http://www.infobahn.co.nz - Internet Infobahn - website design and hosting |
SilverFaery wrote:Posted By: WebWiz-Bruce
Date Posted: 28 April 2004 at 3:16am
|
I tighned up security on the PM part a couple of versions back as I did find a small security problem. This was fixed, so make sure you are running the latest version. But nothing that allowed an external source to view PM's. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: SilverFaery
Date Posted: 28 April 2004 at 3:56am
|
Thanx for the responses. I wont re-open the forum until the newest version is configured and ready on my server. I have been running vers. 7.01 and Im sure that it's that version that is unsafe, if it's not just a threat from a idiot. Thanx again! |
Posted By: WebWiz-Bruce
Date Posted: 28 April 2004 at 5:23am
|
There are a few knwon security holes with 7.01 which have been addressed and fixed in the latest version. Upgrading to the latest version should prevent the problems you mention. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |