|Author:||Topic: Cookies and Peter Pan advices|
Last Visit: 04/18/13
Forum Posts: 5018
I read in some remote sites that some users decided to change the expiration date of the cookies as means of protection. A procedure "blessed" and recommended by the owners of those sites.
My advice to you all is:
1.) Not to use the script on these remote sites, an illegal, stolen property from this site. Changed into a buggy spyware.
2.) Not to implement this "protection". Why? because it does not protect anything. A user can change the expiration date regardless of what your script print into your users cookies.
This is just a small example of programing incompetence of those who stolen our script and call themselves for "developers". There are atleast 5 other issues in the piratical version that can both result in your site being defaced and your server even being derooted. Some of those issues are discussed openly in security sites out there.
Again, my advice to you, as the person whom was the security chief for webapp for the last 4 years now, always download your latest WebAPP script version and updates ONLY here at http://www.web-app.net...
GC/CS/E/H/IT/L/M/MU/PA/P/S/SS/TW/O d(+++)>+ s: a+>++>+++$ C++++$ UBAHS*++++$ P+++++(--)$ L !E? W+>++ N+++@ K+++>++++++@ w$ !O M->+ V--() PS+(-) PE(++) Y+ PGP->+ t+() 5 X? R>* tv@ b++>+++ DI+++ D? G(-) e++>+++@ h----() r+++ y++++ (Words of wisdom from Larry Wall, 1993)
| Cookies and Peter Pan advices|