I am more worried about the real benefits than trying to trick the scans - would Viart actually pass?
alien73 (Guest)
3 Aug 2008 2:06 PM
It's not a trick, just smart for any website.
on2dvd
4 Aug 2008 12:15 AM
Thanks for your post. I am just unsure what exactly this code does.
alien73 (Guest)
4 Aug 2008 12:21 AM
It checks XSS for cross site scripting and logs them to a file.
alien73 (Guest)
4 Aug 2008 12:24 AM
Or I meant to say, to stop hackers from cross-site scripting.
You can secure a site simply by using .htaccess to disallow just about anything...
Example
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>
on2dvd
4 Aug 2008 3:00 AM
Thanks for that information. I'd still like the customer to see the secure tag.
on2dvd
5 Aug 2008 4:39 AM
I have passed HackerSafe, however.
From the first report I thought I should mention this.
Unencrypted Login Information Disclosure
Severity: Low
Protocol: HTTP
Category: Web Application
Devices: 1
Fix Difficulty: Medium
Impact: Information Disclosure
Description
The remote host appears to allow logins over unencrypted (HTTP) connections. This means that a user's login information is sent over the internet in clear text. An attacker may be able to uncover login names and passwords by sniffing network traffic.
Solution
Plain-text protocols should never be used to transmit sensitive information over the Internet. When passing login information to the web server, use HTTPS (SSLv3, TLS 1) instead of HTTP.
So from this I have removed all user login blocks from the site, meaning everyone must go to the https page to log in.