• Forum
  • Doc
  • Screenshots
  • Download
  • Donate
  • Contributors
  • Contact

Security with integration with Joomla

Moderators: OldWolf, re*s.t.a.r.s.*2

Post a reply

Postby morcth » Tue Mar 13, 2007 5:14 pm

Hello,

There is a plugin for FireFox called tamper data that lets you manipulate all POST parameters sent in the browser.

If the chatroom is integrated into a CMS like Joomla, is it possible that someone using this plugin can change their username to someone elses before they login. I tried it a bit a few days ago and it didnt look like it could work but I am not too killed with that so not sure.

Using tamper data does it take away a bunch of security because people can tamper with post parameters?

Is there a way to hardcode into the script to get the username value instead of sending everything in parameters? Thanks for any info.

Josh
morcth
New member
 
Posts: 6
Joined: Tue Mar 13, 2007 4:59 pm
Top

Postby phpfreechat » Tue Mar 13, 2007 5:30 pm

morcth wrote:Is there a way to hardcode into the script to get the username value instead of sending everything in parameters?

Yes, just use :
$params['nick'] = $yournicknamecomingfromyourdatabase;
phpfreechat
Site Admin
 
Posts: 2657
Joined: Tue Feb 07, 2006 3:35 pm
Location: France
Top
Post a reply

Return to General Support (v1.x)

Who is online

Users browsing this forum: No registered users and 40 guests

Powered by phpBB® Forum Software © phpBB Group
Fork me on GitHub