-
Can the browser receive instructions to not cache the page?
2009-04-16 16:26:52 UTC by nobody
-
Correction, use mysql_real_escape_string()
2008-05-29 19:21:46 UTC by leprasmurf
-
Looks like you may be correct; as far as I can find, the class simply adds the value to the SQL statement before executing. Try surrounding all instances of $_POST or $_GET with htmlentities().
2008-05-29 18:45:54 UTC by leprasmurf
-
You can add a meta tag to prevent caching (quick Google search: http://www.i18nguy.com/markup/metatags.html). Be warned, IE 6 and below do not handle this well without the update (http://support.microsoft.com/kb/323308 and http://support.microsoft.com/default.aspx/kb/937479).
2008-05-29 18:26:29 UTC by leprasmurf
-
If you go to a URL like:
/ppm_account_view.php?id='1
You see:
query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1' at line 1
Hence, it's open to SQL injection vulnerabilities.
2008-03-31 09:33:48 UTC by gingerdog
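
The failure reported above, next to a parameterized lookup, as an added example that is not part of the original thread or the project's code. It assumes PHP with the pdo_sqlite extension; the in-memory database, the `accounts` table, its columns and both function names are hypothetical.

```php
<?php
// Constructed stand-in for the application's database: in-memory SQLite via PDO.
// Table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO accounts (id, name) VALUES (1, 'mail'), (2, 'router')");

// Pattern the error message points to: the request value is concatenated into
// the statement text, so the database parses it as SQL.
function viewAccountConcatenated(PDO $db, string $id): ?array
{
    $row = $db->query('SELECT id, name FROM accounts WHERE id = ' . $id)
              ->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form: accept only a string of digits, then bind it as a typed
// parameter so it never becomes part of the SQL text.
function viewAccount(PDO $db, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null; // caller should answer 400 and never echo database errors
    }
    $stmt = $db->prepare('SELECT id, name FROM accounts WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// The value from the report above, then a normal request.
foreach (["'1", '1'] as $id) {
    try {
        $old = json_encode(viewAccountConcatenated($db, $id));
    } catch (PDOException $e) {
        $old = 'SQL error reaches the page';
    }
    printf("id=%s concatenated: %s | parameterized: %s\n",
        $id, $old, json_encode(viewAccount($db, $id)));
}
```

The error text quoted in the report shows the quote reaching the query already preceded by a backslash, so escaping alone did not stop the value from being parsed as SQL. Binding the value as an integer parameter removes that dependency on quoting.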
-
If the page was served over SSL it would help...
2008-03-31 09:19:51 UTC by gingerdog
-
After a password is decrypted, it is displayed in the Account View page in plain HTML. This means the page and, therefore, the password are cached on the local computer. It would be easy to use a browser's history or even just the back button to view the password. I believe this is a major security flaw, but I'm not quite sure how to fix it.
2007-11-16 15:20:15 UTC by selvirino
-
I'm currently using the groups to define different companies. It would be good if you could define subcategories within each group to further define/filter the password list.
Perhaps a hierarchical view of the password list would also be useful.
2007-06-01 02:33:48 UTC by andersdd
-
Sorry, need to set the maximum accounts per page or just go to page 2 :)
2007-01-04 23:32:23 UTC by f-r-a-n-k
-
Nice application, simple and effective!
The current version doesn't show all accounts when the filter is 'off'. I don't know what causes it.
F.R.@.N.K.
2007-01-04 23:25:54 UTC by nobody