Page: 1
| Author | Post |
|---|---|
|
#1 Fri Jul 07, 2006 12:35 pm
|
|
|
Member
Registered: May 2005
Posts: 26
|
Hallo Comm,
i dont call it a bug, but there is something in the script that blocks users there connect over a proxyserver. Searchfunction doesnt work. Login only after more than 3 trys (much more if you are an admin will login ACP). Of course most people dont come over proxy but if they do, the useBB is not useable. Greets ScanX « Last edit by Dietrich on Fri Jul 07, 2006 12:38 pm. » |
|
#2 Fri Jul 07, 2006 12:39 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
Moved to 2.0 Discussion.
1.0 does not support proxies. When using these proxies, a user's IP tends to change all the time. At this moment, this makes it for UseBB impossible to track sessions. Using X_FORWRDER_FOR header is not an option since it can be spoofed. We will look into better ways for 2.0. _______________ |
|
#3 Fri Jul 07, 2006 12:47 pm
|
|
|
Member
Registered: May 2005
Posts: 26
|
OK, thanks for fast reply!
|
|
#4 Fri Jul 07, 2006 10:06 pm
|
|
Member
 Registered: May 2006
Posts: 16
|
you should not rely neither on ip nor user_agent. there are better ways of protecting sessions like regenerating id, relying only on cookies, forcing own ids, etc. etc. i'll write more details about securing sessions if you like.
|
|
#5 Sun Jul 09, 2006 12:39 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
This is a possibility, although I doubt if this is possible using PHP's session functionality.
_______________ |
Page: 1
UseBB Community is powered by UseBB 1 Forum Software
