
Cookie Injection Protection


Guest W13


Posted

Invision Power Board 2.2.0 introduces a 'stronghold' cookie. This cookie is saved alongside the member log in key and contains very specific information about the computer that's being used to access the forum. A stronghold cookie will not work on another computer or even for another user. This means that even if a hacker had your cookie information they would be unable to log in as you because the stronghold cookie check will prevent that.



Furthermore, IPB 2.2.0 also takes advantage of "HTTP Only" cookies to prevent JavaScript from accessing sensitive cookies. This will make it much harder to gain a member's log in cookies and increases security against XSS attacks.



Already present in the Security Enhancements in IPB2.2 :)

The specific exploit you link to would have been prevented by the new SQL injection protection, also in 2.2 :thumbsup:
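
An added illustration, not part of the thread and not IPB's own code, of the two measures quoted above: a cookie value bound to the member and to the client it was issued to, sent alongside the login key with every cookie flagged HttpOnly. The cookie names, the HMAC construction, the server secret and the bound attributes (IPv4 /24 plus User-Agent) are all assumptions; the thread does not say what IPB actually puts in its stronghold cookie.

```python
import hashlib
import hmac
import ipaddress
from http.cookies import SimpleCookie

# Constructed demo secret; a real deployment would load a random server-side key.
SERVER_SECRET = b"constructed-demo-secret"


def stronghold_value(member_id: int, ip: str, user_agent: str) -> str:
    """Keyed hash over the member and the client attributes the cookie is bound to."""
    # Assumption: bind to the IPv4 /24 and the User-Agent. Binding to the exact
    # address would log out users whose address changes mid-session.
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    msg = f"{member_id}|{net}|{user_agent}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def login_cookie_headers(member_id, login_key, ip, user_agent):
    """Set-Cookie values for a login, each flagged HttpOnly."""
    jar = SimpleCookie()
    jar["member_id"] = str(member_id)      # hypothetical cookie names
    jar["login_key"] = login_key
    jar["stronghold"] = stronghold_value(member_id, ip, user_agent)
    for morsel in jar.values():
        morsel["httponly"] = True          # not readable from document.cookie
        morsel["path"] = "/"
    return [m.OutputString() for m in jar.values()]


def accept_login(cookies, ip, user_agent, stored_login_key):
    """Accept only if the login key matches and the stronghold fits this client."""
    try:
        member_id = int(cookies["member_id"])
        expected = stronghold_value(member_id, ip, user_agent)
    except (KeyError, ValueError):
        return False
    # Constant-time comparisons so the check does not leak how much matched.
    key_ok = hmac.compare_digest(cookies.get("login_key", ""), stored_login_key)
    bound_ok = hmac.compare_digest(cookies.get("stronghold", ""), expected)
    return key_ok and bound_ok
```

Because the value is keyed and covers the member id, a copied set of cookies fails the check from a different network or browser, and a stronghold issued to one member does not validate for another.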
Posted

^^Amazing catch there guys. I think this will again stay at the top of being the MOST secure product out there...vb and phpbb just do NOT stack up whatsoever....



Keep it up guys!



vBulletin proves your point by the fact that its official site and forum are currently down ;)
Posted

Hehehe. Definitely does...

Oh and excellent job too, to the server configurators for this site...hasn't gone down once so far (that I've seen). Speedy as hell too. Would think with all these members on bashing this place reading the new threads that it would be crashing. But it's not...excellent yet again!

Posted

You weren't here earlier then, it has crashed once so far that I know of.



Mmmhmm. One crash today, didn't last all that long. But bear in mind, there is more on this server - it also hosts IPSBeyond. But it is a testament to its stability that it can handle 1,000 concurrent users (and that its record maximum is 32,000 concurrent members!)

I don't know of any other forum software that handles that without a hitch, even multi-million dollar corporations (Blizzard Entertainment springs to mind) can't build software THAT stable!
  • Management
Posted

You weren't here earlier then, it has crashed once so far that I know of.



We had an issue caused by the increase in traffic at the server level... IPB 2.2 itself is running pretty good actually. We are quite pleased.

Archived

This topic is now archived and is closed to further replies.
