Re: [Openpacket-devel] Please kick the tires again
From: James P. <jp...@gm...> - 2008-02-26 02:48:09
One thing that I might suggest is to put this on HTTPS rather than HTTP so you don't have to worry about any clients behind ips getting messed with :)

Another thing that I noticed was that profile pages can be edited to include JavaScript, and can be used to XSS someone:
http://www.openpacket.org/profile/public_profile?userid=jpleger

Errors out with 500 if the user doesn't exist when trying to reset password:
http://www.openpacket.org/profile/forgot_password

On Mon, Feb 25, 2008 at 7:33 PM, Richard Bejtlich <tao...@gm...> wrote:
> Hello everyone,
>
> Sharri has been working again on OpenPacket.org, and JJ moved the
> system to a production box reachable at www.openpacket.org.
>
> Would those of you with some time please take another look at the site?
>
> Thank you,
>
> Richard