Re: [Openpacket-devel] Please kick the tires again
From: Richard B. <tao...@gm...> - 2008-02-26 02:49:28
On Mon, Feb 25, 2008 at 9:48 PM, James Pleger <jp...@gm...> wrote:
> One thing that I might suggest is to put this on https rather than http so
> you don't have to worry about any clients behind IPS getting messed with :)
>
> Another thing that I noticed was that profile pages can be edited to include
> JavaScript, and can be used to XSS someone:
> http://www.openpacket.org/profile/public_profile?userid=jpleger
>
> Errors out with 500 if the user doesn't exist when trying to reset password:
> http://www.openpacket.org/profile/forgot_password

Thanks, James. JJ just mentioned we need to buy an SSL cert. That could be our first donation.

Richard
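As an added illustration, not code from the OpenPacket project or from anyone in this thread, here is a Ruby sketch of the two server-side fixes the report calls for: escaping user-supplied profile fields for the HTML context they are rendered in, and making the forgot-password handler answer the same way whether or not the account exists instead of raising a 500. The USERS table, the field names and send_reset_mail are constructed stand-ins, not OpenPacket's schema or API.

```ruby
require 'cgi'

# Constructed stand-in for stored user records; not OpenPacket's schema.
USERS = {
  'jpleger' => { display_name: '<script>alert(1)</script>', email: 'jp@example.invalid' },
  'alice'   => { display_name: 'Alice "A" <Smith>',         email: 'alice@example.invalid' }
}.freeze

# Vulnerable form: the stored display name is interpolated straight into the
# page, so any markup or script a user saved in their profile is rendered and
# executed in every viewer's browser (the stored XSS James reported).
def public_profile_unsafe(userid)
  user = USERS.fetch(userid)
  "<h1>#{user[:display_name]}</h1>"
end

# Hardened form: escape for the context the value lands in. CGI.escapeHTML
# rewrites & < > " ' so the browser shows the text instead of parsing it, and
# CGI.escape handles the query-string context of the permalink. The escaped
# value is only ever placed inside a quoted attribute.
def public_profile_safe(userid)
  user = USERS[userid]
  return '<p>No such profile.</p>' unless user
  name = CGI.escapeHTML(user[:display_name])
  link = "/profile/public_profile?userid=#{CGI.escape(userid)}"
  "<h1>#{name}</h1><a href=\"#{link}\" title=\"#{name}\">permalink</a>"
end

# Forgot-password: an unknown user must not raise (the reported 500), and the
# response is identical either way so the form does not reveal which
# accounts exist.
def forgot_password(userid)
  user = USERS[userid]
  send_reset_mail(user[:email]) if user
  'If that account exists, a reset link has been e-mailed.'
end

# Hypothetical stand-in for the mailer; a real application would queue mail here.
def send_reset_mail(_address)
  true
end
```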