XOOPS

XOOPS 2.0.10 RC Released

Mithrandir  03-Apr-2005 09:44 18096 Reads   79 Comment(s) 

When should I use this?
You should use the token system whenever you have a form that results in changes to the database. Especially if the form is only available to certain privileged users.

I'm using module xxx on my site, it doesn't use tokens. Is it unsafe?
Not directly, no, although there is some discussion in this area (which is why we are making this token system altogether). If you are checking the HTTP REFERER (which XOOPS does by default) you are quite safe from the malicious attacks where your site admins are tricked into performing actions on your site by submitting forms on another site. However, checking the HTTP REFERER is not entirely friendly towards your users, who may have to configure their firewall for your site. The token system makes your site less vulnerable should you decide to disable the referer checking.

Who should I thank for making my XOOPS more secure
The Japanese XOOPS community should be the target for your praise, flowers, chocolate and whatever else, you would want to send their way.
« 1 2 (3)
Rating 0/5
Rating: 0/5 (0 votes)
Voting is disabled!


Login

Who's Online

122 user(s) are online (2 user(s) are browsing Publisher)


Members: 0


Guests: 122


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories