According to my typing and crappy grammar they do..
...that the hairdresser's hair is the one with the ugliest haircut.
first post? O.o
hehe, that's the only thing I hate about my job: I have to develop the solutions so that they work with the strangest software (IE is a pain) just because it's common.. anyhoo, this is getting off-topic..
Thanks for the info. The way I work around potentially evil tags is that I deny all tags whatsoever, apart from a selected few useful formatting tags (br, ul, p, etc).
BTW, I forced a coworker with mod points into modding you up.
I gotta admit that that's an issue I haven't thought of, so thanks for telling me.
Although I haven't seen anything in the logs that hints at a firewall altering the referrer yet.
The session is automatically aborted if HTTP_REFERER is something other than a website on my server, or the CGI script itself. Not really a strong way of countering such attempts, but combined with a lot of other smaller things that I've implemented, it has proven useful.
1. I program the server side so that it always assumes that the user might be tampering with the parameters, so if any parameters are combined in a way they shouldn't be, the attempt gets logged and the session is aborted.
2. I don't use cookies.
3. All characters that can be used in HTML or SQL code are delimited.
4. I always assume that someone might be tampering with form data.
I'm not saying that my security measures are flawless, but I do take a lot of things into consideration, and I am paranoid when it comes to security (heh, which is why I posted here in the first place, I guess).
I'm already doing that by default, so I guess I'm safe (for now!!)
I would fall into the category of developers who did not know about this threat. How would I go about protecting the users? Are there any simple guidelines that would make XSS attacks impossible?
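Added example, not code from any of the posters (their scripts are CGI and are not shown on the page): the three measures described in the posts above (a tag whitelist, an HTTP_REFERER check, and "delimiting" SQL characters), each next to the check a reviewer would run against it, plus the escape-then-re-enable approach that gives a safe answer to the question about XSS guidelines. The hostname example.test, the in-memory users table and every payload are constructed for the demonstration.

```python
"""Tag whitelisting, Referer checking and SQL parameters: the post's defences with their failure modes."""
import html
import re
import sqlite3
from urllib.parse import urlsplit

# --- 1. Tag whitelist: allow br, ul, li, p and drop every other tag -------------------
ALLOWED_TAGS = {"br", "ul", "li", "p"}
_TAG_RE = re.compile(r"</?\s*([A-Za-z][A-Za-z0-9]*)[^>]*>")


def naive_tag_whitelist(text):
    """Strip tags whose name is not whitelisted; whitelisted tags pass through untouched.
    The hole: attributes on an allowed tag survive, so <p onmouseover=...> still runs script."""
    return _TAG_RE.sub(lambda m: m.group(0) if m.group(1).lower() in ALLOWED_TAGS else "", text)


def safe_tag_whitelist(text):
    """Escape everything for an HTML text context first, then re-enable only bare,
    attribute-free allowed tags. Whatever the input, nothing unescaped reaches the browser
    except the literal <p>, </p>, <br>, <ul>, </ul>, <li>, </li> strings."""
    escaped = html.escape(text, quote=True)

    def restore(m):
        slash, name = m.group(1), m.group(2).lower()
        return f"<{slash}{name}>" if name in ALLOWED_TAGS else m.group(0)

    # Only "&lt;p&gt;", "&lt;/p&gt;", "&lt;br /&gt;" and the like match; a tag carrying
    # attributes has text between the name and "&gt;" and therefore stays escaped.
    return re.sub(r"&lt;(/?)([A-Za-z][A-Za-z0-9]*)\s*/?&gt;", restore, escaped)


# --- 2. The Referer check -------------------------------------------------------------
MY_HOSTS = {"example.test"}  # hypothetical hostname of the poster's own server


def referer_allows(environ, own_hosts=MY_HOSTS):
    """Accept only if HTTP_REFERER names one of our own hosts (what the post describes).
    Caveat: the header is supplied by the client. A scripted client sets it to anything it
    likes, while privacy proxies and browser settings strip it, so the check locks out real
    users and stops nobody who is deliberately tampering with parameters."""
    host = urlsplit(environ.get("HTTP_REFERER", "")).hostname or ""
    return host.lower() in own_hosts


# --- 3. Bound parameters instead of hand-delimited SQL characters ---------------------
def make_db():
    """Constructed in-memory table with two sample users (not data from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_secret_concat(conn, name):
    """String-built query: the code that 'delimiting dangerous characters' tries to patch.
    A quote in `name` closes the literal and the rest of the input becomes SQL."""
    return conn.execute(f"SELECT secret FROM users WHERE name = '{name}'").fetchall()


def lookup_secret(conn, name):
    """Bound parameter: the driver passes the value separately from the statement text,
    so no character in `name` can change the query's structure and no delimiting is needed."""
    return conn.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    payload = '<p onmouseover="alert(1)">hi</p>'
    print("naive :", naive_tag_whitelist(payload))   # attribute survives
    print("safe  :", safe_tag_whitelist(payload))    # opening tag stays escaped
    print("no referer accepted?", referer_allows({}))
    db = make_db()
    print("concat:", lookup_secret_concat(db, "' OR '1'='1"))  # both secrets leak
    print("bound :", lookup_secret(db, "' OR '1'='1"))         # nothing
```

The escaping step is the actual XSS guideline: encode untrusted data for the context it lands in (here HTML text) and only afterwards re-enable a known-safe subset. Note that `html.escape` alone is not enough if the value is later placed inside a `<script>` block, a URL or an unquoted attribute; each of those contexts needs its own encoder.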
Many years ago I had this problem with my modem.. It simply would not work, so I uninstalled the driver, then rebooted. It worked.. wow, not exactly voodoo, but the funny thing was that this happened every time. If I booted my PC without having the drivers reinstalled, my modem simply was dead, so I made a habit out of it: each time I was about to shut down my PC, I remembered to uninstall the drivers.
Well, after all, it was Windows 95, so the fact that strange things occurred isn't really that strange at all, I guess.
Well, as a FreeBSD user, I don't see anything that needs to be corrected in your post, since most of the mess in /etc is standard on all UNIXes =)
Anyway, I couldn't agree more.
In my humble opinion, I'd say that /etc is partially fine as it is. As someone said earlier, at least you have SOME idea about where your configuration files are. However, since I am a fan of tidy filesystems, I would say that /etc should stay as it is, but with a few modifications. For example, files needed to run the system (passwd/shadow, ppp.conf, shells, groups, and such) could have their place in /etc while other applications' configuration files could be moved to a subdirectory. The same goes for other files. Myself, I think this could be a good idea, as long as it does not create a ton of subdirectories and become way too messy. If it is kept simple, the way the idea behind /etc originally was, it could work.
A few friends and I thought this up way back when QuakeWorld was at its peak of popularity. The fragsuit is something you put on before you sit down and challenge your opponent. If you get hurt, small explosives on the suit explode, just to make you feel the pain, and when someone dies, a large explosive placed under the chair detonates. If someone is telefragged, the two persons will switch places (computers as well), where the one who died will be turned into spam and thrown on the telefragger.
I bet this invention would make most people start playing other games, and those who don't will probably start using a less aggressive playing style.
Thief? Nah.. not always.. only when it comes to good homemade booze..
Coward? coward = survivalist..
Personal property vandal? It was self-defence..
The average Joe gets pissed off at the world? There are plenty of reasons for that..
Is there a website dedicated to this? Do you have any pictures? What you said caught my interest =)
Solar panels could really be the next-generation power source, if a cheap and effective way of using solar energy can be developed. Have you seen that short film on Discovery Channel about the guy who built a car that runs on solar power alone? You can walk faster than it, but hey, you could walk faster than the first steam locomotives as well. But I'd still say that hydro plants are the way to go, if the terrain allows it.
Well, allowing everyone to install SP2 would slow down worms and viruses that spread due to OS vulnerabilities. And I doubt MS would sell more Windows if it wasn't possible to install SP2 on pirated Windows versions.
When I think of it... the iMac would be the most dangerous hardware weapon. You could get a good swing at it, because of the good grip you get on the handle, and it weighs a lot more than the human skull can take at the appropriate hurling speed.
SCSI may be better than IDE, but no hardware can match the danger of a man wielding an ATX power supply.
I was on my way home with it one Friday evening, after a friend had borrowed it, when I got into an argument with some guy over some booze I stole from him. I threw the hard drive, it obviously hurt him a lot in the chest, and I ran off before he recovered (yeah, I know.. I'm a coward)
Could not agree more. I am ashamed that I forgot those. If you are really bored, throwing them at cars can be quite entertaining (make sure the owner doesn't see you)
Actually, no. I threw a regular 13GB IDE hard drive into the chest of someone who wanted to beat the shit out of me after stealing his booze. I think I hit him with a corner or something, because he sounded like it hurt like hell.
That's what I've been saying for years. I've used old hard drives for many things. These include:
1. Weapon (seriously.. excellent self-defence tool. Saved my ass once)
2. Ashtray (screw it open)
3. Toy (Am I the only one who finds those rotating plates amusing?)
4. Paperweight