Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - External readingof PM’s?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

External readingof PM’s?
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
SilverFaery View Drop Down
Newbie
Newbie
Avatar

Joined: 04 May 2002
Location: Denmark
Status: Offline
Points: 15 		Post Options Post Options   Thanks (0) Thanks(0)   Quote SilverFaery Quote  Post ReplyReply Direct Link To This Post Topic: External readingof PM’s?
    Posted: 27 April 2004 at 12:15pm

I've just been told that it is possible to access the PM system from an external source?

I use SQL and stopped using Access after a hacking incident, so I didn't believe this to be possible in a secure SQL enviroment.

It would really undermine my trust in this forum script and I don't want that. Plz let me know if it's true...
Back to Top
dj air View Drop Down
Senior Member
Senior Member
Avatar

Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dj air Quote  Post ReplyReply Direct Link To This Post Posted: 27 April 2004 at 4:36pm

you'll need bruce to verify this but i would think it is not accessable.. as you need to login to the SQL server, also return the certain values. and the security measures in this script are top notch...

 every hacking access is protected to the forums best abilaties...

where did you hear this, are you sure they didn't mean you can have an external pm service on the website outside the forum but on the same website.
Back to Top
SilverFaery View Drop Down
Newbie
Newbie
Avatar

Joined: 04 May 2002
Location: Denmark
Status: Offline
Points: 15 		Post Options Post Options   Thanks (0) Thanks(0)   Quote SilverFaery Quote  Post ReplyReply Direct Link To This Post Posted: 27 April 2004 at 4:48pm

I was told this by a guy in a discussion about privacy of PM's. He claimed that he could get the PM's from the SQl from a single string.

It sounds too unbelievable but he refered to the code.
I know it's possible in access, but SQL?
Back to Top
thekiwi View Drop Down
Mod Builder Group
Mod Builder Group


Joined: 23 November 2003
Location: New Zealand
Status: Offline
Points: 392 		Post Options Post Options   Thanks (0) Thanks(0)   Quote thekiwi Quote  Post ReplyReply Direct Link To This Post Posted: 27 April 2004 at 5:06pm
Originally posted by SilverFaery SilverFaery wrote:

I was told this by a guy in a discussion about privacy of PM's. He claimed that he could get the PM's from the SQl from a single string.

It sounds too unbelievable but he refered to the code.
I know it's possible in access, but SQL?


WWF is pretty well proteced from injection attacks.  Ive also tried calling someone elses PM ID when logged in as another user .. and that didn't work either.

Be interested to see this demonstrated rather than just talked about :-)
Cheers
TheKiwi
Internet Infobahn - website design and hosting
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 28 April 2004 at 3:16am
I tighned up security on the PM part a couple of versions back as I did find a small security problem.

This was fixed, so make sure you are running the latest version.

But nothing that allowed an external source to view PM's.


Edited by -boRg-
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
SilverFaery View Drop Down
Newbie
Newbie
Avatar

Joined: 04 May 2002
Location: Denmark
Status: Offline
Points: 15 		Post Options Post Options   Thanks (0) Thanks(0)   Quote SilverFaery Quote  Post ReplyReply Direct Link To This Post Posted: 28 April 2004 at 3:56am

Thanx for the responses. I wont re-open the forum until the newest version is configured and ready on my server.

I have been running vers. 7.01 and Im sure that it's that version that is unsafe, if it's not just a threat from a idiot.

Thanx again!
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 28 April 2004 at 5:23am
There are a few knwon security holes with 7.01 which have been addressed and fixed in the latest version.

Upgrading to the latest version should prevent the problems you mention.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.