
View Full Version : editing phrase center's



bernie1227
08-25-2012, 12:19 AM
hiya guys,
I have to say there is a little bit of a security flaw here, in that people can edit other people's phrase centers. I found this out by Keyboard1333 editing my phrase center and adding a phrase, "keyboard is epic", which I highly dispute. Keyboard also claimed to have done it multiple times before I had checked. Is there any way to fix this, as I find this quite invasive to have people be able to edit my things.
Bernie

djr33
08-25-2012, 12:21 AM
I don't think that the phrase center mod for the board has any security built in. So it's just worth knowing that and not putting any personal information there. If it's crucial to keep the phrases, you could always keep a backup. Few users are going to intentionally edit another's content there, so it shouldn't be a problem.

keyboard
08-25-2012, 12:29 AM
bernie you have no sense of humour :(

bernie1227
08-25-2012, 12:33 AM
I'm not putting personal information on my phrase center, that would just be completely idiotic, I just dislike other members having the power to edit my things. Just out of curiosity, how do you edit them?

keyboard
08-25-2012, 12:33 AM
Doesn't that kind of counter the point of you disliking it?

but if you're curious -


javascript:void(loadphrase('bernie1227'))
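The flaw discussed in the posts above comes down to the owner's name being supplied by the caller, with nothing on the server comparing it to the logged-in member. The following is an added example, not part of the thread and not the phrase center mod's code: a small Python model of the missing check. The class, method names and member names are constructed for illustration.

```python
class Forbidden(Exception):
    """The session user is not allowed to change the requested phrase list."""


class PhraseCenter:
    """Hypothetical model of a per-member phrase store (not the real mod)."""

    def __init__(self):
        self.phrases = {}   # owner name -> list of phrases
        self.denied = []    # (actor, owner) pairs kept for staff review

    def add_unchecked(self, owner, text):
        # Flawed pattern: the owner name comes from the request alone, so any
        # logged-in member can name another member's list.
        self.phrases.setdefault(owner, []).append(text)

    def add_checked(self, session_user, owner, text, is_moderator=False):
        # session_user is taken from the server-side login session, never
        # from a parameter the browser can set.
        if owner != session_user and not is_moderator:
            self.denied.append((session_user, owner))
            raise Forbidden(f"{session_user} may not edit {owner}'s phrases")
        self.phrases.setdefault(owner, []).append(text)


def demo():
    """Run both paths with constructed member names and return the results."""
    flawed = PhraseCenter()
    flawed.add_unchecked("member_a", "written by someone else")  # accepted
    unchecked = list(flawed.phrases["member_a"])

    fixed = PhraseCenter()
    fixed.add_checked("member_a", "member_a", "my own phrase")
    try:
        fixed.add_checked("member_b", "member_a", "written by someone else")
    except Forbidden:
        pass  # rejected and recorded in fixed.denied
    return unchecked, fixed.phrases["member_a"], fixed.denied


if __name__ == "__main__":
    print(demo())
```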

bernie1227
08-25-2012, 12:34 AM
no, as I am wondering how immature people such as yourself are editing other people's phrase centers

keyboard
08-25-2012, 12:35 AM
In my defense, I was curious as to if it would work and you're probably the only person who I could do it to without getting killed.

bernie1227
08-25-2012, 12:39 AM
no, you will be killed anyhow

keyboard
08-25-2012, 12:39 AM
Come at me bro!


This is a joke.... it's called a joke...

bernie1227
08-25-2012, 12:45 AM
please discontinue editing phrase centers, it's unkind to others.

keyboard
08-25-2012, 12:51 AM
ok :cool:

http://i1.kym-cdn.com/photos/images/newsfeed/000/353/279/e31.jpg

ajfmrf
08-25-2012, 05:36 AM
Hmm, I don't see a link to a "Phrase Center"

Where is this located?

jscheuer1
08-25-2012, 05:45 AM
Below the quick reply text area.

keyboard
08-25-2012, 06:28 AM
But unless it's changed, only senior coders and above can access it.

traq
08-25-2012, 02:13 PM
Developing just a tiny bit of a hacker subculture here, eh? Very promising. : )

ajfmrf
08-25-2012, 03:46 PM
I was wondering about that, keyboard1333. I don't see it so it must still be "only senior coders and above can access it."

keyboard
08-26-2012, 12:57 AM
Developing just a tiny bit of a hacker subculture here, eh? Very promising. : )

What hacking subculture? If you're talking about the phrase center thing, I'd hardly call that hacking... :p

traq
08-26-2012, 02:03 AM
You're exploiting a vulnerability. Not a critical one, not very fancy hack, but it counts. It's A Good Thing. : )

keyboard
08-26-2012, 02:16 AM
It's A Good Thing. : )

Hmmm... not something you hear every day (hacking is a good thing).
And in my opinion, exploiting such a basic security is hardly hacking.
It's like if you go on your friend's computer while they're out of the room and they've left their facebook open, then writing HACKED on their wall....
I believe the term is hacksaw438'ted :D

jscheuer1
08-26-2012, 03:08 AM
Hmm . . . traq rhymes with hack - a coincidence? I think not!

I dunno, hacking is such a broad term, sort of like magic. There's white magic, black magic, and a gray area in between. The skills involved in hacking are similar to those used for coding in general, especially those used to get existing code to perform a little differently, to tweak it to a slightly different, presumably more desirable state.

It certainly can be fun, even in fun. Just be careful, some folks don't take kindly to jokes, and depending upon who those folks are, you could get into trouble regardless of whether or not your actions truly merit it or not.

I once saw something on the TV show CSI - the original Las Vegas version. They were using a web based service to get detailed satellite maps. I saw the address of the website. It was real. However, the service was for government and business use only. I played around with it a bit until I got a pulsing popup message:

"We take having fun seriously."

Which was completely out of context for what you might usually think. I got the message though and have never been back.

keyboard
08-26-2012, 04:11 AM
Hmm . . . traq rhymes with hack - a coincidence? I think not!

I always thought the a in his name was pronounced ah... Traq? :D



I once saw something on the TV show CSI - the original Las Vegas version. They were using a web based service to get detailed satellite maps. I saw the address of the website. It was real. However, the service was for government and business use only. I played around with it a bit until I got a pulsing popup message:

"We take having fun seriously."

Which was completely out of context for what you might usually think. I got the message though and have never been back.

I don't get the "We take having fun seriously"???

Anyway, I'm not talking about the ethical definition of hacking - I'm talking about the bottom line of what is considered hacking... but oh well :p

traq
08-26-2012, 05:51 AM
I don't get the "We take having fun seriously"???

"You might consider this "just for fun," but we don't." ...?


Anyway, I'm not talking about the ethical definition of hacking - I'm talking about the bottom line of what is considered hacking... but oh well :p

I understand. Hacking is finding and exploiting weaknesses in code, which I think matches what's going on pretty well. Difficulty is another issue. As John says, the main thing is we just need to remember not to step on anyone's toes around here (or anywhere).


I always thought the a in his name was pronounced ah... Traq? :D

I don't really know how it's pronounced

bernie1227
08-26-2012, 06:13 AM
gosh darn it, I leave you guys alone for a couple of hours and you start talking about hacking? Seriously? You John, are now banned from watching CSI, that show is giving you some bad ideas. :p
As for typing hacked on people's walls, when they're away from the computer, I believe the term is being a hacxor1337.

As for traq, I believe it is pronounced "T-R-A-Q" as in walrus, or goldfish

jscheuer1
08-26-2012, 06:46 AM
"You might consider this "just for fun," but we don't." ...?

That's what I understood it to mean. I was using their service to look at their own facilities. I guess I left that part out. If anyone is still unclear about it, well then, "You had to be there."


I understand. Hacking is finding and exploiting weaknesses in code, which I think matches what's going on pretty well. Difficulty is another issue. As John says, the main thing is we just need to remember not to step on anyone's toes around here (or anywhere).

Yes I meant it as an amusing story, and a cautionary tale. Around here the worst thing that would probably happen is you get banned from the forum, and for that you would have to do something pretty bad and ignore all warnings/requests to stop. Out there in the wider world, even innocent stuff can have intense consequences. Once you set the wheels in motion, you might not be able to stop them. They could roll right over you.

To me hacking also takes advantage of the strengths of code. Weaknesses in security get you in, but it's usually pretty amazing what a program does. It's satisfying understanding the code and getting that to work for you.

The kind of hacking I usually do is with code that's not intended to be secure, like the scripts here. If you're good and the code is too, you can often use a script's own methods to do what you want without having to edit the code. Just make a tie in.


I don't really know how it's pronounced

I just assumed it was like "track" with a hard q. I have some funny made up names for some of the people in here. Nothing for regular folks though. Can't think of any of them at the moment. But a lot of them are just like one or two letters or a slight adjustment of syllables off of some pretty funny things.

bernie1227
08-26-2012, 07:02 AM
alright then, quote everyone but me, I know when I'm not wanted

jscheuer1
08-26-2012, 07:41 AM
alright then, quote everyone but me, I know when I'm not wanted

I hope you're kidding, but if you're not I hope you're happy now. :)

bernie1227
08-26-2012, 07:43 AM
don't worry, I'm kidding :p

keyboard
08-26-2012, 10:14 AM
Wow, this is a strange conversation...
And I'd hardly call it hacking anyhow, as John told me how to do it :D

jscheuer1
08-26-2012, 01:32 PM
Wow, this is a strange conversation...
And I'd hardly call it hacking anyhow, as John told me how to do it :D

Oh, so now I'm the hacker . . .

traq
08-26-2012, 04:39 PM
As for traq, I believe it is pronounced "T-R-A-Q" as in walrus, or goldfish

yeah, probably.

BTW I forgot to include this last night (your "hacxor" comment reminded me)
http://thedoghousediaries.com/comics/uncategorized/2011-07-22-2b1e132.png

keyboard
08-26-2012, 11:31 PM
Love the photo!


Oh, so now I'm the hacker . . .

Yes. What webdev hasn't once tried hacking something?

traq
08-27-2012, 12:05 AM
...What webdev hasn't once tried hacking something?

I once decided to try and find out how serious the security problems on shared hosts could be. Now, I love programming, but I'm not really deep into security (and was far less so at the time), and I don't consider myself a hacker. I still have to use a cheat sheet for bash.

I didn't really think I'd get anywhere. But, I wrote about six lines of PHP and glob()'d my /tmp directory. This revealed three sites that happened to be on the same server I was. I had five open user sessions, plus a _complete_ database dump -a recent backup that hadn't been GC'd yet- for one of the sites (which was using wordpress). All this without actually touching anything in the sites' home directories! Conceivably, I could have written a new script to any of those three sites that would have allowed me to do literally anything I wanted, as though it were my own site.

Deleted everything. Haven't been back down that road, but you can bet I approach my PHP scripts differently now. And, I have a whole new opinion on the merits of a private server. :D

djr33
08-27-2012, 12:50 AM
Traq, that's worrying and interesting. But I expect that many hosts have improved security since then. If you do use a shared host, I believe it's crucial for it to be a generally trustworthy service rather than just the cheapest one you can find. Luckily with competitive prices out there, there are many choices for shared hosts so it shouldn't be too hard to find one with a good reputation (including for security) as well as a reasonable price.

traq
08-27-2012, 02:40 AM
I agree that it's worrying and interesting - but no, most hosts don't do anything about it. The problem is inherent with shared servers. There are two ways to close the hole: private servers (or virtual private servers), or to configure Apache to run under a different user for each account (meaning computer user; most hosts simply run Apache as "nobody," handling all shared sites together, thereby giving all accounts the same permissions to access files [good introductory article (http://shiflett.org/articles/shared-hosting)]).

Both of these solutions are fairly easy to implement from a technical standpoint, but hosts generally consider them prohibitively expensive in terms of memory and processing power. As I'm sure you know, private servers / VPS cost quite a bit more than shared hosting. I'm not aware of any web host that runs Apache under unique users in a shared hosting setup (VPS are probably an easier/cheaper option).

As computers get bigger, stronger, and faster, we might start to see VPS start to become a new, de facto standard for generic hosting. But I'm not sure how long that will take.
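The exposure traq describes in this post (every site's scripts running as one system user, with session files and backups left in a common temp directory) can be checked for on your own account. The following is an added example, not part of the thread: it lists which files in a directory another tenant's script could read, first assuming one shared web uid and then assuming each site has its own. The function names, file names and uid values are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_shared_dir(path, shared_uid):
    """Return (filename, reasons) for each regular file another tenant could read.

    shared_uid is the uid every site's scripts run as; it is an assumption
    supplied by the caller (for example the uid of "nobody" on such a host).
    """
    findings = []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue
        reasons = []
        if st.st_uid == shared_uid and st.st_mode & stat.S_IRUSR:
            # Mode bits cannot help here: every tenant's script is this uid.
            reasons.append("owned by shared web uid")
        if st.st_mode & stat.S_IROTH:
            reasons.append("world-readable")
        if reasons:
            findings.append((entry.name, reasons))
    return findings


def demo():
    """Build a constructed temp directory and audit it under both setups."""
    me = os.getuid()
    samples = (("sess_constructed", 0o600), ("backup_constructed.sql", 0o644))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in samples:
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(p, mode)
        shared = audit_shared_dir(d, shared_uid=me)        # one uid for all sites
        separate = audit_shared_dir(d, shared_uid=me + 1)  # a uid per account
    return shared, separate


if __name__ == "__main__":
    for label, result in zip(("shared uid", "per-account uid"), demo()):
        print(label, result)
```

With one shared uid even the 0600 session file is reported, since permission bits only separate different users. With a uid per account only the world-readable backup remains exposed.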

djr33
08-27-2012, 03:03 AM
Huh. Well, that's new for me. I thought hosts could limit how far up (down?) the directory tree a program could navigate, that it was simply blocked to go beyond the root of the user's directory, for any user. I can see how that could not be implemented, but I'm still not sure that it's impossible to do so.