AM Security

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AM Security

    Worried that AdminMod is insecure? The AdminMod site has been updated with a security tip:
    When using regular expressions in your users.ini file (i.e. use_regex set to 1) make sure you have a complete regex and that it matches only what you want it to match. Special characters which are often forgotten are the start "^" and end "$" characters.



    Remember, when you have a line like "theo:somepass:12345" in your users.ini and use_regex set, then also the names "theodor" or "antheom" will match and gain admin access. Check if you actually meant "^theo$:somepass:12345".
    I think regular expressions spreading any further should be prevented. Perl and PHP will go straight to hell because of it!
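An added example, not part of the original post and not AdminMod's own code: a small audit that flags users.ini name patterns missing the "^" or "$" anchor and shows which names they would also match. The sample file and probe names are constructed, and Python's `re.search` stands in for AdminMod's matcher as an assumption.

```python
import re

# Constructed sample in the name:password:access layout shown in the post.
SAMPLE_USERS_INI = """\
theo:somepass:12345
^theo$:somepass:12345
^admin:otherpass:12345
"""

# Constructed player names to probe each pattern with.
PROBE_NAMES = ["theo", "theodor", "antheom", "admin", "administrator"]


def parse_entries(text):
    """Yield (name_pattern, password, access) for each well-formed line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Assumption: the last two ':' separate password and access,
        # so a ':' inside the name pattern is preserved.
        parts = line.rsplit(":", 2)
        if len(parts) == 3:
            yield tuple(parts)


def audit(text, probe_names=PROBE_NAMES):
    """Return findings for name patterns missing a ^ or $ anchor."""
    findings = []
    for pattern, _password, _access in parse_entries(text):
        missing = []
        if not pattern.startswith("^"):
            missing.append("^")
        # A trailing "\$" is treated as a literal dollar sign, not an anchor.
        if not pattern.endswith("$") or pattern.endswith("\\$"):
            missing.append("$")
        if not missing:
            continue
        # Names the pattern matches when applied as a substring search.
        matched = [n for n in probe_names if re.search(pattern, n)]
        findings.append({"pattern": pattern, "missing": missing, "matches": matched})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_USERS_INI):
        print(f"{f['pattern']!r} lacks {' and '.join(f['missing'])}; matches {f['matches']}")
```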

  • #2
    sux 4 teh admins



    • #3
      regexes are good when you know how to use them right... problem is, nobody knows how to use them right.



      • #4
        I know how to use them. After 2+ years, I can finally use them 95% of the time without reference.



        They still piss me off. And their expressions are HARDLY regular.



        • #5
          rizzah: the hardest working man on a sunday afternoon.



          are you a student? what a nice big hobby.



          • #6
            regex autolink has got to be a bundle of fun.



            • #7
              I shocked myself when I did a perfect regexp of finding a word inside of a link, removing it, highlighting occurrences outside of links, and then adding the word back into the link perfectly.



              Spell checker for life!



              • #8
                I know one of these days that PHP regexp's will hunt me down and make me learn them...I dread that day.



                • #9
                  Are you kidding me? Think about what you can do with a one line regexp and then think about how many lines it would take to do it without regexp's. They may be tough to learn (nothing short of assembler looks more like line noise) but they are crazy powerful.



                  BTW, it's not just Perl and PHP anymore, regexp's are in Java and C# (and the other .net languages?) now.
