Increasing security
To prevent people from attacking our admin backend, we´ve created virtual directories to make it harder to find. We´ve also made some rather nice improvements to the user verification in the last few weeks.
Published 07.12.2005 - Last edited 07.02.2006 - 1514 views - 2 comments
Even though the changes aren´t visible to the visitor, we believe it´s of great importance to increase security as there seams to be nosy people without other things to do than to hack and destroy. Off course we do keep a backup, but it´s annoying to constantly have to open your page just to see it´s been hacked. It happened to our forum earlier this year, and resulted in an upgrade and restricted settings for posting in the forum.
Besides the standard md5 database password encryption, the cookies are now encrypted as well. Triple verification when logging in and administrating and a few more stuff we like to keep secret for now.
Additional fixes and improvements
- Report broken link now requires user details before submission to prevent "children" from clicking without reason.
- Pagerating updates itself immediately after you rate a page, and also prevents multiple votes when hitting e.g. F5
- Popup rating auto-refreshes parent window when closed
- Contact form is only allowed to be submitted once
1 | Friday 09 Dec 2005 14:28:21 | Milla has this to say:
Hi Thom, can you tell me more about the virtual stuff? I see the standard URL's have changed dramatically as well. Anyway, think the V3 is awesome :)
Really nice work, I'll be around for the release for sure!
2 | Friday 09 Dec 2005 15:19:18 | Thomas has this to say:
Hi Milla. The rewrite and virtual stuff requires to some extent access to Apache's config file.
Our generous webhost provides just that, so the location of our backend changes on weekly bases so to speak...
When it comes to the rewrite thing, we merely passes the info differently than before, hiding the variables somewhat more.
ECMS V3
Up one level
ECMS News