Change Cookie for Extra Security

Sxar (Posted: 02 May 2004 at 1:19am)

Hello All,

I have noticed that many users of the webwiz forums application continually disobey the notice from "-borg-" about renaming and/or moving their database. If your database is not renamed and/or moved then it leaves an open run for hackers.

To add to the moving and/or renaming of database issue, I recommend that you also change the name of the cookie for the forums, as a hacker can use the "User_Code" and store it in the default cookie (WWF) and gain access to the administration section of your website. I recommend strongly that you choose a name other than WWF!

Hope that helps...

Adrael (Posted: 02 May 2004 at 11:05pm)

I'm confused as to how to do this.

Is it through the admin panel, or do we have to edit some files?

WebWiz-Bruce, Web Wiz Developer (Posted: 03 May 2004 at 5:15am)

How to do this is mentioned in the documentation that comes with the forum, or can be read online at:-

http://www.webwiz.net/web_wiz_forums/docs_access_move_db.asp

It is also mentioned in many posts on this forum if you do a search.

Two files will need to be edited (common.asp files) using a text editor.

kmacy (Posted: 03 May 2004 at 11:17am)

Borg,
Do you agree with the other part of Sxar's post? Should we all do this if we want the forum to be as secure as feasibly possible?

Originally posted by Sxar:

To add to the moving and/or renaming of database issue, I recommend that you also change the name of the cookie for the forums, as a hacker can use the "User_Code" and store it in the default cookie (WWF) and gain access to the administration section of your website. I recommend strongly that you choose a name other than WWF!

Hope that helps...

Ken Macy

WebWiz-Bruce, Web Wiz Developer (Posted: 03 May 2004 at 1:23pm)

If you are running the Access version you should at the very least follow the install instructions and rename and move the Access database.

Changing the cookie name in the common.asp files will also add protection in case a hacker does still somehow get hold of your Access database.

The Access database should be placed in a file that is not accessible through a web browser to prevent it being downloaded by a hacker.


Edited by -boRg-
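
The checks described in the post above (no Access database reachable under the web root, and no common.asp still using the default WWF cookie name) can be audited with a short script. This is an added example, not part of the original thread or of the Web Wiz Forums code. It assumes the cookie name appears as a quoted string literal in common.asp; the sample directory layout, file names and the replacement cookie name are constructed for illustration.

```python
import os
import re
import tempfile

DEFAULT_COOKIE = "WWF"  # default cookie name named in the thread
# Assumption: common.asp holds the cookie name as a quoted string literal.
COOKIE_LITERAL = re.compile('"%s"' % re.escape(DEFAULT_COOKIE))

def audit_forum(web_root):
    """Return sorted (finding, relative_path) pairs for files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            lower = name.lower()
            if lower.endswith(".mdb"):
                # Any Access database below the web root may be downloadable.
                findings.append(("access-db-in-web-root", rel))
            elif lower == "common.asp":
                with open(path, "r", encoding="latin-1") as fh:
                    if COOKIE_LITERAL.search(fh.read()):
                        findings.append(("default-cookie-name", rel))
    return sorted(findings)

def build_sample(root, hardened):
    """Create a constructed sample install; returns the web root path."""
    cookie = "Kq7Forum" if hardened else DEFAULT_COOKIE  # made-up new name
    web_root = os.path.join(root, "wwwroot")
    for sub in ("forum", os.path.join("forum", "admin")):
        os.makedirs(os.path.join(web_root, sub), exist_ok=True)
        with open(os.path.join(web_root, sub, "common.asp"), "w") as fh:
            fh.write('strCookieName = "%s"\n' % cookie)  # constructed line
    # Hardened: database lives outside the web root. Default: inside it.
    db_dir = (os.path.join(root, "private") if hardened
              else os.path.join(web_root, "forum", "db"))
    os.makedirs(db_dir, exist_ok=True)
    open(os.path.join(db_dir, "example_forum.mdb"), "wb").close()
    return web_root

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            label = "hardened" if hardened else "default"
            print(label, audit_forum(build_sample(tmp, hardened)))
```
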

kmacy (Posted: 03 May 2004 at 2:46pm)

Borg,

What about for SQL Server installations? Would you still recommend changing the cookie name in common.asp as added protection, or is it not needed?

Ken Macy

WebWiz-Bruce, Web Wiz Developer (Posted: 04 May 2004 at 5:57am)

Only if you think someone might be able to gain access to your database.

But it would take much anyway for someone to work out the new cookie name, either way.