Serious security flaws...
I'm new to the punBB arena, however I'm a professional .Net developer for an agency of the federal government. While looking at the code, there seems to be a lot of overhead and some security flaws....
View ArticleRe: Serious security flaws...
Also,Whoever did the Themes support really doesn't know how to use it. You create a page for the controls and use CSS for the rest and use the page declarative (or web.config) to define which theme...
View ArticleRe: Serious security flaws...
cgcarter1 wrote:The last thing and most important is encrypting the connection string (for obvious reasons). This is extremely easy to do in code-behind. I typically give a button event to encrypt...
View ArticleRe: Serious security flaws...
There is an error in the Membership Provider. On the OdbcCommand it calls for a uniqueidentifier for the PKID field. The field in the table is called UserId and a varchar. This throws an exception....
View ArticleRe: Serious security flaws...
Also there is a typo in the ODBC queries. It looks for a column LastPasswordChangedDate when the column in the Users table it LastPasswordChangeDate. I am rewriting the module into a class library...
View ArticleRe: Serious security flaws...
Very interesting thread, I wonder why a developer hasn't replied to it or better yet, invited you to join the core development team.Cheers,Gene
View ArticleRe: Serious security flaws...
Quite simple really, Gene53 - I suspect there isn't really a development team at all. Considering the code was forked into FluxBB when Informer bought PunBB from Rickard and all the updates to PunBB...
View ArticleRe: Serious security flaws...
Yup ... I believed the developer thought that .NET is same as PHP so most of the things are looking exactly like PHP.
View ArticleClik here to view.
Re: Serious security flaws...
I hope these security flaws will be wiped away in the next release of punbb. Im new to using punbb but im liking it
View ArticleClik here to view.
Re: Serious security flaws...
It's regarding PunBB.NET, another project, separated from PunBB, so don't worry about security issues .
View Article