[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Userdb password security/ Security ?
****** message to minivend-users from Hans-Joachim Leidinger <jojo@buchonline.net> ******
"B.J. Bezemer" wrote:
>
> ****** message to minivend-users from "B.J. Bezemer" <bas.bezemer@wxs.nl> ******
>
> Hi All,
>
> It has been very quiet after Gideons question on this topic and I can't
> imagine that Joachim and I are the only one that shivered for a moment.
> Ofcourse there are tricks or workarounds to fix this problem. You could
> rename the database from userdb to the name of a loved one in reverse order,
> with some numbers in it, but that is not a structural solution. The password
> field is not the only information that I don't want to be made public. I
> don't want anyone to snoop into my database where I keep all my information
> on orders (addresses of my customers, how much they ordered etc.).
>
[BIG DEL]
Some time after my check, i have thought about this and i think...
without any MV tags like [value name] etc...in any results page, nobody
is able to see any user informations. Anyone can see the number of blank
lines. Ok! This is no problem for me. We can prevent this with a if
conditions by MV. But are there any way to grap the informations? I can
not believe it, because i can not see any way to transfer any data to
any server via cgi methode and without a post methode.
It seems me, we are frightened and we have hoped like a lot of chicken.
I am very sure, if this is a real security hole, we all get an emergency
help by Mike Heins.
At this moment, i can sleep in my bed very well now! Isnīt it so?
Regards,
Joachim
--
-------------Hans-Joachim Leidinger---------------------
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
