Here is the game plan....
I am an administrator for an online game. What I am trying to develop is an inner-game forum, so all the people who have accounts can post, everyone's own clan would have their own board, and it would save the trouble of setting up phpBB on my server and having everyone make another account there also.
I have made a very primitive board for this feature I'm developing, but it seems to be not enough to function properly within the game environment.
Any suggestions on functions I should look into? Or if ya got a tutorial available for this kinda thing plz gimmie a link...
thx
advice on codin a forum....
- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
passwords:
http://www.php.net/md5
look into all of the string functions
http://www.php.net/strings
do it in mysql..
http://www.php.net/mysql
a security tip I know
http://www.vexdev.com/viewnews.php?postid=4
Yeah, that's a great security tip. Adding a 1-2 second delay on every login attempt is trivial and people won't even notice the delay.
More sophisticated approaches will use a [linear|quadratic|exponential|factorial] increase in the delay with the number of retries, still using the base 1-2 second starting point. You can't give a free zero-second first try 'cuz a smart attacker will just make sure each attempt is a new session. Also make sure you put the delay before the password test comparison; you don't want the attacker to be able to tell that the test failed by detecting the wait.
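The delay scheme described in the post above, as an added example that is not code from this thread: the failure counter is keyed by username on the server rather than stored in the session, the wait happens before the comparison on every attempt, and the delay doubles per failure up to a cap. The function names, the in-memory arrays standing in for database tables, and the use of `password_hash()`/`password_verify()` for the comparison are assumptions made for the illustration.

```php
<?php
// Constructed sample data: in-memory arrays stand in for database tables.
$users    = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$failures = [];  // username => consecutive failures, kept server-side, not in the session

// Exponential back-off from a 1 second base: 1s, 2s, 4s, ... capped so that
// someone hammering an account cannot lock its real owner out for hours.
function login_delay_seconds(int $failedAttempts, float $base = 1.0, float $cap = 30.0): float
{
    return min($cap, $base * (2 ** min($failedAttempts, 16)));
}

function attempt_login(string $user, string $password, array $users,
                       array &$failures, callable $sleep): bool
{
    $count = $failures[$user] ?? 0;

    // Wait BEFORE the comparison, on every attempt (the first one and the
    // successful ones included), so the pause says nothing about the result.
    $sleep(login_delay_seconds($count));

    // Unknown usernames are verified against a dummy hash so they take the
    // same amount of work as known ones.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$user] ?? $dummy) && isset($users[$user]);

    if ($ok) {
        unset($failures[$user]);          // reset the counter on success
    } else {
        $failures[$user] = $count + 1;    // persist this in the database in real use
    }
    return $ok;
}

// Demo: record the delays instead of really sleeping. In production pass
// function (float $s) { usleep((int) ($s * 1e6)); } as the last argument.
$waited = [];
$record = function (float $s) use (&$waited) { $waited[] = $s; };

foreach (['guess1', 'guess2', 'guess3', 'correct horse'] as $try) {
    $ok = attempt_login('alice', $try, $users, $failures, $record);
    printf("%-14s => %s\n", $try, $ok ? 'ok' : 'denied');
}
printf("delays applied: %s seconds\n", implode(', ', $waited));
```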
I've actually coded a forum myself, and made it look similar to the phpBB forums, its functionality and look basically.
It seems to work pretty well, but I dunno how it will perform when the board is full.
You can go see it here: http://aim.alanpowell.net/messageboard/
Still in development, it's on the alanpowell.net domain, which is just a test site that will be ported to another domain once finished.