rejetto forum

how stop section's hacker ( ACCEPTED BY THE BOSS)

Mars · 20 · 12534


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
internal request: <img src="/~img24">
> GET /~img24 HTTP/1.1
> Accept: */*
> Referer: http://127.0.0.1/

link request: <a href="/~img24">click</a>
> GET /~img24 HTTP/1.1
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
> Referer: http://127.0.0.1/

i think you made something wrong.
the first case, since it is an <img>, should have an accept of only images, and not */*.

anyway, i don't understand what you are trying to get.
i mean: what's the need behind this feature?


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
Thank you mars for your proposition. I recognize that I tried to contribute with some idea to what I understood was the subject (how stop section's hacker) of the topic. Only thanks to your proposal I understand that the real subject is that in uppercase letters (ACCEPTED BY THE BOSS). As everything is already accepted, there is no need for me to think about the question.

continue -> continue -> accept -> finish.
your computer has no brain - use your own !


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
nothing is finished, bacter, 'ACCEPTED BY THE BOSS' is not at all the end of the topic or the discussion, it allows me only to know if the subject which I opened is in process of acceptance or completely refused.
Nothing prevents on the contrary from leaving place with better ideas, so as long is little that they do not make us return behind in the versions of HFS. ;)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
uh? i don't understand your post bacter.
your suggestion would make it handier, because in a template with 10 sections, you want 8 to be private.
but since it is incompatible with current templates, i noticed that (as solace) you actually need 2 to be private.

notice difference between want and need.
most times, accessing a section that was not meant to be public, causes *no* harm.


Offline bacter

  • Operator
  • Tireless poster
  • *****
    • Posts: 681
Rejetto, don't worry about my post. :) It's only a post in this special way that mars and I have developed to communicate with each other ;).

You are right that accessing most sections not meant to be public causes only garbage on the screen and no harm.

And these few sections that you (or/and) mars propose to declare as private normally use some extra protection (%user%, memberof, access from ..) preventing execution of not wanted code.

It's not really important if we use [section|private] or [section|local] or [section|public] or {allow|section1 section2 ..}, as long as the final implementation helps to avoid unwanted access to some sections.
your computer has no brain - use your own !
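
The two policies discussed in this thread (mark a few sections private, or allow only listed sections), as an added sketch that is not code from any poster or from HFS. The function names, the `default_public` switch and the sample template are constructed for illustration; only the `[section|private]` / `[section|public]` header style and the `/~name` URL form come from the posts above.

```python
import re

# Constructed sample template using the [name|flag] header style proposed above.
SAMPLE_TEMPLATE = """\
[login|public]
<form>...</form>
[upload-results|private]
uploaded by %user%
[file]
<li>%item-name%</li>
"""

# A header line is [name] or [name|flag|flag...] alone on its line.
HEADER = re.compile(r"^\[([^\]|]+)((?:\|[^\]|]*)*)\]\s*$")

def parse_sections(template):
    """Return {name: {"flags": set of flags, "lines": body lines}}."""
    sections, current = {}, None
    for line in template.splitlines():
        m = HEADER.match(line)
        if m:
            flags = {f.strip().lower() for f in m.group(2).split("|") if f.strip()}
            current = {"flags": flags, "lines": []}
            sections[m.group(1).strip().lower()] = current
        elif current is not None:
            current["lines"].append(line)
    return sections

def resolve_url_section(sections, path, default_public=True):
    """Map a /~name request to a section body, or None (answer 404).

    default_public=True  : unflagged sections stay reachable, so existing
                           templates keep working; only 'private' is refused.
    default_public=False : allow-list policy; only 'public' sections are served.
    """
    if not path.startswith("/~"):
        return None
    sec = sections.get(path[2:].split("?", 1)[0].lower())
    if sec is None or "private" in sec["flags"]:
        return None
    if not default_public and "public" not in sec["flags"]:
        return None
    return "\n".join(sec["lines"])
```

The gate applies only to requests arriving by URL; a server rendering its own pages would read the parsed sections directly and never call `resolve_url_section`.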