[thesite] UEUE v.0.2 Update
Warden, Matt
mwarden at mattwarden.com
Mon Nov 5 20:52:30 CST 2001
On Nov 6, isaac had something to say about RE: [thesite] UEUE v.0.2 Update
>> The benefit of UEUE here is that we could single out only the server with
>> UEUE on it and ONLY allow that server to access the database with member
>> info.
>>
>> Then, problem solved. And it can't be circumvented by looking at our
>> source code.
>
>How far off is UEUE though?
Why does that matter?
>I don't see the problem in throwing the password onto the database
>temporarily to reduce the risk somewhat.
Well shit... why don't we take the datasource name, do a bunch of funky
shit with it like start out with a numerical value, multiply it by
another numerical value, and then convert each into a character so it
takes someone a good 10 minutes to figure out what it is?
security by obscurity!
>Suddenly you've gone from having
>*every* single MEO user being able to do anything they like to the database
>(it's still hard to believe), to it being open to those who've directly
>participated on thesite and have been entrusted with access, right?
*shrug*
whatever. the people on thesite are the only ones who know about this
anyways. so, if you're one for security by obscurity...
but, if you wanna go in and add all this, go for it, i guess. teo and feo
too, of course... and whereever else there's a query to a member database.
rock on,
--
mattwarden
mattwarden.com
More information about the thesite
mailing list