collapse collapse
* User Info
 
 
Welcome, Guest. Please login or register.
* Search

* Board Stats
  • stats Total Members: 989
  • stats Total Posts: 18366
  • stats Total Topics: 2501
  • stats Total Categories: 7
  • stats Total Boards: 35
  • stats Most Online: 1144

Poll

Should Security be updated to take advantage of the new options for private class functions and variables in PHP5, or should we leave it as is and call it secure enough for our purpose?

Yes - Do it.
9 (69.2%)
No - Leave it as is and just fix bugs.
4 (30.8%)

Total Members Voted: 13

Author Topic: High Priority: Security.php Poll  (Read 4234 times)

0 Members and 1 Guest are viewing this topic.

Offline Glarawyn

  • BeBot Hero
  • ******
  • Posts: 521
  • Karma: +0/-0
High Priority: Security.php Poll
« on: January 29, 2008, 06:55:01 am »
When I originally developed Security.php I planned on making the cache and other functions private so that other modules could not directly modify the Security cache. I then realized that the documentation I was looking at was for PHP5, and what I was doing would not work in PHP4.

Thus the design had to change, and security functions and the entire cache is exposed to any module that wants to poke at it.

Now that we're going to PHP5 Security could be done as originally envisioned, however it may have consequences if any modules are directly accessing the security cache, using cache_mgr, etc.

The question is, should Security be updated to take advantage of the new options for private class functions and variables in PHP5, or should we leave it as is and call it secure enough for our purpose?

Offline Nytridr

  • BeBot Expert
  • ****
  • Posts: 262
  • Karma: +0/-0
    • Rising Sun
Re: High Priority: Security.php Poll
« Reply #1 on: January 29, 2008, 07:32:21 am »
Glarawyn, Before I ask this.  I do know a little bit about bebot but not enough to know the impacts of this. 

If we left it as is, what are the possible scenarios that could happen? 

Not sure if anyone else would really ask this, so I figured I would give it a shot.  this was the first thing that I thought of.

I know it is possible to make some devastating security holes by putting in modules that you do not even look at.  But what would be the worse case scenarios if you left it as is?
Co-Prez of Rising Sun RK1 (1st & only org I will ever belong to)

Offline Glarawyn

  • BeBot Hero
  • ******
  • Posts: 521
  • Karma: +0/-0
Re: High Priority: Security.php Poll
« Reply #2 on: January 29, 2008, 07:38:41 am »
The biggest worry for security is someone coding a module that would parse your bot.conf and send them your AO username/password. There is nothing the security module can really do about that one. ;)

Possibly the worst thing someone could do is:

$this -> bot -> security -> cache = array();

Which would basically ban everyone until the bot was restarted or the 12 hour cron job came around and refreshed the security cache.

I'm leaning to the leave it as is myself, but I haven't decided yet.

Offline Khalem

  • BeBot Founder
  • Administrator
  • ********
  • Posts: 1169
  • Karma: +0/-0
    • http://www.ancarim.com
Re: High Priority: Security.php Poll
« Reply #3 on: March 05, 2008, 11:31:08 pm »
I'd classify this as "it'd be nice, but not really a priority".
BeBot Founder and Fixer Kingpin

 

* Recent Posts
Com bot module by bitnykk
[November 25, 2024, 05:36:11 pm ]


0.8.x updates for AO by bitnykk
[June 23, 2024, 03:19:47 pm ]


0.8.x updates for AoC by bitnykk
[June 23, 2024, 03:19:44 pm ]


[AoC] special char for items module by bitnykk
[February 09, 2024, 09:41:18 pm ]


BeBot still alive & kicking ! by bitnykk
[December 17, 2023, 12:58:44 am ]

* Who's Online
  • Dot Guests: 108
  • Dot Hidden: 0
  • Dot Users: 0

There aren't any users online.
* Forum Staff
bitnykk admin bitnykk
Administrator
Khalem admin Khalem
Administrator
WeZoN gmod WeZoN
Global Moderator
SimplePortal 2.3.7 © 2008-2024, SimplePortal