XenoK wrote:
I need someone to test the upgraded Contact Form. It has been upgraded with a better mailing system, and an IP catcher. I might be adding reCAPTCHA to it later.
Can I do that?
ahirbhairav wrote:
XenoK wrote:
I need someone to test the upgraded Contact Form. It has been upgraded with a better mailing system, and an IP catcher. I might be adding reCAPTCHA to it later.
Can I do that?
Sure, just fill out the form, and submit. Make sure it displays a correct success message, and I'll check if it sent.
I sent it...
ahirbhairav wrote:
I sent it...
Well, welcome to the team! You've been chosen as a site administrator. If you show me any programming you've done, I can accept you as a developer.
XenoK wrote:
ahirbhairav wrote:
I sent it...
Well, welcome to the team! You've been chosen as a site administrator. If you show me any programming you've done, I can accept you as a developer.
Just saying, it seems you have a lot more administrators than regular users on your site. In general, the amount of mods/admins shouldn't be too big (e.g. 2 admins and 1 mod for over 100 users on Mod Share).
jvvg wrote:
XenoK wrote:
ahirbhairav wrote:
I sent it...
Well, welcome to the team! You've been chosen as a site administrator. If you show me any programming you've done, I can accept you as a developer.
Just saying, it seems you have a lot more administrators than regular users on your site. In general, the amount of mods/admins shouldn't be too big (e.g. 2 admins and 1 mod for over 100 users on Mod Share).
Seems fair enough. I've narrowed it down now to only our development team (for the website) plus our new administrator, and Joletole.
XenoK wrote:
All passwords are now hashed.
So you're saying passwords weren't hashed before now? Thank goodness I didn't sign up.
Having plaintext passwords is a huge security risk.
Now, are they salted too, or just plain hashed?
(BTW, if you're using md5 or sha-1, don't. They are considered cryptographically broken. Use sha-2 instead (any of the variants).)
Also, having an admin:user ratio of 4:9 isn't good either. If any one of those admins' accounts is broken into, there goes the site.
Furthermore, you haven't successfully merged the forum and website user systems.
There are about 44 users on the forums, 13 on the site. Also, 12 users on the forums are "Eternity Team" and 4 are Forum team, which is also a big security risk.
So, your ratio of admins:users on the site is 4:9, and on the forums it's 4:11, not too much of an improvement.
As a final note, I would suggest, if you don't have one already, getting an anti-spam plugin that checks against a database of usernames to see if any are often affiliated with spammers.
Last edited by SJRCS_011 (2012-10-19 16:20:47)
SJRCS_011 wrote:
XenoK wrote:
All passwords are now hashed.
So you're saying passwords weren't hashed before now? Thank goodness I didn't sign up.
Having plaintext passwords is a huge security risk.
Now, are they salted too, or just plain hashed?
(BTW, if you're using md5 or sha-1, don't. They are considered cryptographically broken. Use sha-2 instead (any of the variants).)
Also, having an admin:user ratio of 4:9 isn't good either. If any one of those admins' accounts is broken into, there goes the site.
Furthermore, you haven't successfully merged the forum and website user systems.
There are about 44 users on the forums, 13 on the site. Also, 12 users on the forums are "Eternity Team" and 4 are Forum team, which is also a big security risk.
So, your ratio of admins:users on the site is 4:9, and on the forums it's 4:11, not too much of an improvement.
As a final note, I would suggest, if you don't have one already, getting an anti-spam plugin that checks against a database of usernames to see if any are often affiliated with spammers.
I'm using md5, with my own method of salting. Our administrators are fine, because everything is escaped, and even admins don't have access to the database. I have made numerous backups of the database already. I will continue to keep improving the security of the site. Thanks for your input! I will look into getting an anti-spam plugin. Thanks again, it's very helpful!
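
For the hashing advice in the exchange above, an added example (not part of any post in this thread and not the site's code): storing passwords with a per-user random salt and PBKDF2-HMAC-SHA256, a SHA-2-based password-hashing function used here in place of a single hash pass, and upgrading old salted-MD5 records when the user next logs in. The `md5$salt$hash` record layout, the `legacy_md5` helper and the iteration count are assumptions, since the thread does not describe the site's salting method.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)  # per-user salt, never reused across accounts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def legacy_md5(password: str, salt: str) -> str:
    """Hypothetical old record: 'md5$salt$md5(salt + password)'."""
    return f"md5${salt}${hashlib.md5((salt + password).encode()).hexdigest()}"


def verify(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Check a password. Returns (ok, new_record), where new_record is a
    replacement to write back to the database, or None if no upgrade is due."""
    parts = stored.split("$")
    if parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        iterations, salt = int(parts[1]), bytes.fromhex(parts[2])
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        # Constant-time comparison avoids leaking how many characters matched.
        ok = hmac.compare_digest(digest.hex().encode(), parts[3].encode())
        stale = iterations < ITERATIONS
        return ok, hash_password(password) if ok and stale else None
    if parts[0] == "md5" and len(parts) == 3:
        ok = hmac.compare_digest(
            legacy_md5(password, parts[1]).encode(), stored.encode()
        )
        # The plaintext is only available at login, so re-hash it now.
        return ok, hash_password(password) if ok else None
    return False, None  # unknown record format: reject


if __name__ == "__main__":
    old = legacy_md5("correct horse", "s4lt")  # constructed sample record
    ok, upgraded = verify("correct horse", old)
    print(ok, upgraded.split("$")[0])
```
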
Well, I can't seem to find any loopholes in security, and I'm fresh out of ideas for upgrades for the day as it happens; I think I may put the site into pre-beta. I'll add more features later, add some upgrades, fix some security, and full beta will be out.
OK, well, sorry, but I have been really busy and will still be, but I have some free time now. I'm making a huge push to try to improve all P110 Tech projects... I'll look into friend-ing. I have been having a few problems trying to create my own, so I'll try to find the best way to look at it.
I think we will do an API app next, so that other apps can access user data. I will make the API directory now, so that we can work on it later. I'll start making the structure of it too. Any other features we should add to EternityX1 before we release it?
Main thread has been updated with news of tomorrow!