Cookie Injection Protection


Guest W13

Invision Power Board 2.2.0 introduces a 'stronghold' cookie. This cookie is saved alongside the member log in key and contains very specific information about the computer that's being used to access the forum. A stronghold cookie will not work on another computer or even for another user. This means that even if a hacker had your cookie information they would be unable to log in as you because the stronghold cookie check will prevent that.



Furthermore, IPB 2.2.0 also takes advantage of "HTTP Only" cookies to prevent JavaScript from accessing sensitive cookies. This will make it much harder to gain a member's log in cookies and increases security against XSS attacks.



Already present in the Security Enhancements in IPB2.2 :)

The specific exploit you link to would have been prevented by the new SQL injection protection, also in 2.2 :thumbsup:
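One way to implement the check the quoted announcement describes, as an added example that is not part of the original posts and is not IPB's own code: a login key cookie paired with a server-computed value bound to the client, all sent as HttpOnly cookies. The cookie names, the HMAC construction and the bound attributes (IPv4 /16 prefix and User-Agent) are assumptions, since the thread does not say what the stronghold cookie contains.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo secret; a real deployment loads this from protected config.
SERVER_SECRET = b"constructed-demo-secret"


def client_fingerprint(ip, user_agent):
    """Assumed binding: first two octets of the IPv4 address plus User-Agent."""
    prefix = ".".join(ip.split(".")[:2])
    return f"{prefix}|{user_agent}".encode()


def make_stronghold(member_id, ip, user_agent):
    """Keyed hash over member id and client attributes; never stored client-side in clear."""
    msg = str(member_id).encode() + b"|" + client_fingerprint(ip, user_agent)
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def set_cookie_headers(member_id, login_key, ip, user_agent):
    """Build Set-Cookie values; HttpOnly keeps page scripts from reading them."""
    jar = SimpleCookie()
    jar["member_id"] = str(member_id)        # hypothetical cookie names
    jar["login_key"] = login_key
    jar["stronghold"] = make_stronghold(member_id, ip, user_agent)
    for morsel in jar.values():
        morsel["httponly"] = True
        morsel["secure"] = True
        morsel["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]


def check_login(cookie_header, ip, user_agent, stored_login_key):
    """Accept the login cookies only if the stronghold matches this client."""
    jar = SimpleCookie(cookie_header)
    try:
        member_id = int(jar["member_id"].value)
        login_key = jar["login_key"].value.encode()
        presented = jar["stronghold"].value.encode()
    except (KeyError, ValueError):
        return False  # a missing or malformed cookie fails closed
    expected = make_stronghold(member_id, ip, user_agent).encode()
    # Constant-time comparisons avoid leaking how many characters matched.
    key_ok = hmac.compare_digest(login_key, stored_login_key.encode())
    return key_ok and hmac.compare_digest(presented, expected)
```

Binding to a network prefix rather than the full address tolerates clients whose address changes within a range, at the cost of accepting a replay from the same prefix with the same User-Agent.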

You weren't here earlier then; it has crashed once so far that I know of.



Mmmhmm. One crash today, didn't last all that long. But bear in mind, there is more on this server - it also hosts IPSBeyond. But it is a testament to its stability that it can handle 1,000 concurrent users (and that its record maximum is 32,000 concurrent members!)

I don't know of any other forum software that handles that without a hitch, even multi-million dollar corporations (Blizzard Entertainment springs to mind) can't build software THAT stable!

Archived

This topic is now archived and is closed to further replies.
