Change Cookie for Extra Security
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=10253
Printed Date: 08 April 2026 at 7:13am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Change Cookie for Extra Security
Posted By: Sxar
Subject: Change Cookie for Extra Security
Date Posted: 02 May 2004 at 1:19am
|
Hello All, I have noticed that many users of the webwiz forums application continually disobey the notice from "-borg-" about renaming and/or moving there database. If your Database is not renamed and/or moved then it leaves a open run for hackers. To add to the moving and/or renaming of database issue, i recommend that you also change the name of the cookie for the forums as a hacker can use the "User_Code" and store it in the Default cookie (WWF) and gain access to the administration section of your website. I recomend strongly that you choose a name other than WWF! Hope that helps... |
Replies:
Posted By: Adrael
Date Posted: 02 May 2004 at 11:05pm
|
I'm confused as to how to do this. Is it through the admin panel, or do we have to edit some files? ------------- World of Warcraft Guild: The State http://www.ac.wwu.edu/~tronvim/state/ |
Posted By: WebWiz-Bruce
Date Posted: 03 May 2004 at 5:15am
|
How to do this is mentioned in the documentation that comes with the forum, or can be read online at:- http://www.webwiz.net/web_wiz_forums/docs_access_move_db.asp - http://www.webwiz.net/web_wiz_forums/docs_access_move_ db.asp It is also mentioned in many posts on this forum if you do a search. Two files will need to be edited (common.asp files) using a text editor. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: kmacy
Date Posted: 03 May 2004 at 11:17am
|
Borg,
------------- Ken Macy |
Sxar wrote:Posted By: WebWiz-Bruce
Date Posted: 03 May 2004 at 1:23pm
|
If you are running the Access version you should at very least follow
the install instructions and rename and move the Access database. Changing the cookie name in the common.asp files will also add protectoin incase a hacker does still somehow get hold of your Access database. The Access database should be placed in a file that is not accessable through a web browser to prevent it being downloaded by a hacker. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: kmacy
Date Posted: 03 May 2004 at 2:46pm
|
Borg, What about for Sql Server installations. Would you still recommend changing the cookie name in common.asp as added protection or is it not needed? ------------- Ken Macy |
Posted By: WebWiz-Bruce
Date Posted: 04 May 2004 at 5:57am
|
Only if you think someone might be able to gain access to your database. But it would take much anyway for someone to work out the new cookie name, either way. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |