The following warnings occurred:
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined variable $newpmmsg - Line: 40 - File: global.php(841) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/global.php(841) : eval()'d code 40 errorHandler->error
/global.php 841 eval
/showthread.php 26 require_once
Warning [2] Undefined array key "style" - Line: 909 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 909 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined property: MyLanguage::$lang_select_default - Line: 5024 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 5024 errorHandler->error
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions.php 5044 is_member
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1370 fetch_forum_permissions
/showthread.php 137 forum_permissions
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key "mybb" - Line: 1952 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1952 errorHandler->error
/inc/functions_indicators.php 41 my_set_array_cookie
/showthread.php 629 mark_thread_read
Warning [2] Trying to access array offset on value of type null - Line: 488 - File: inc/db_mysqli.php PHP 8.1.27 (Linux)
File Line Function
/inc/db_mysqli.php 488 errorHandler->error
/showthread.php 722 DB_MySQLi->fetch_field
Warning [2] Undefined property: MyLanguage::$ratings_update_error - Line: 5 - File: showthread.php(732) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(732) : eval()'d code 5 errorHandler->error
/showthread.php 732 eval
Warning [2] Undefined variable $postsdone - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Trying to access array offset on value of type null - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4755 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4757 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4760 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4764 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4770 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4773 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4785 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4792 - Line: 867 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 867 errorHandler->error
Warning [2] Undefined array key 4757 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1576 errorHandler->error
/showthread.php 1578 buildtree
/showthread.php 1578 buildtree
/showthread.php 879 buildtree
Warning [2] Undefined array key 4760 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1576 errorHandler->error
/showthread.php 1578 buildtree
/showthread.php 879 buildtree
Warning [2] Undefined array key 4773 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1576 errorHandler->error
/showthread.php 1578 buildtree
/showthread.php 1578 buildtree
/showthread.php 879 buildtree
Warning [2] Undefined array key 4792 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1576 errorHandler->error
/showthread.php 1578 buildtree
/showthread.php 1578 buildtree
/showthread.php 879 buildtree
Warning [2] Undefined array key 4785 - Line: 1576 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1576 errorHandler->error
/showthread.php 1578 buildtree
/showthread.php 879 buildtree
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 880 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 880 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 880 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 880 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 880 build_postbit
Warning [2] Undefined array key "invisible" - Line: 1506 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1506 errorHandler->error
Warning [2] Undefined variable $threadnotesbox - Line: 30 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 30 errorHandler->error
/showthread.php 1533 eval
Warning [2] Undefined variable $multipage - Line: 33 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 33 errorHandler->error
/showthread.php 1533 eval
Warning [2] Undefined variable $multipage - Line: 65 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 65 errorHandler->error
/showthread.php 1533 eval
Warning [2] Undefined variable $addremovesubscription - Line: 79 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 79 errorHandler->error
/showthread.php 1533 eval



FORUMS


The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security of Data and files
#2
Hi, Alex.

I can't speak on behalf of Ben but I'll try to address this in broad terms since I'm of the belief that security should be applied through layers; it's never one thing.

The first thing I'd do with any Form Tools installation is obfuscate the installation directory (either on the public root or in it's own subdomain). Naturally, this depends on the application you have in mind. In my case, staff and sysadmins need only ever access the Control Panel; I never expose it to the public and setup .htaccess rules accordingly.

Something like:

Code:
Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /path/to/.htpasswd
AuthType Basic
Require valid-user
# Allowed IP Address(es)
Allow from 127.0.0.1
Satisfy Any

Always place files requiring public access (e.g. forms) outside of the FT directory (this includes upload directories). Always ensure any form you set-up for accepting uploads has strict client- and server-side validation (e.g. never allow PHP files to be uploaded). You get the idea.

Never expose the FT directory in your robots.txt file for excluding webcrawlers; use .htaccess for this.

One thing I'm curious to get Ben's take on (and this is more a feature request) is to include the following line on all include files that only ever need to be accessed locally be the host:

PHP Code:
<?php if (eregi("name_of_file.php"$_SERVER['PHP_SELF'])) die('This page is not directly accessible'); 

Probably extraneous but, again, it adds an extra layer of protection; the FT config file should probably include this (contains your db credentials). It essentially tells the server to never execute the script unless it's accessed locally by the host.

I could go on but that's how I'd approach things in a broad sense.
Reply


Messages In This Thread
Security of Data and files - by alexh - May 2nd, 2011, 7:09 PM
RE: Security of Data and files - by crunchers - May 3rd, 2011, 12:27 AM
RE: Security of Data and files - by alexh - May 3rd, 2011, 12:49 AM
RE: Security of Data and files - by crunchers - May 3rd, 2011, 1:09 AM
RE: Security of Data and files - by alexh - May 3rd, 2011, 3:21 PM
RE: Security of Data and files - by crunchers - May 3rd, 2011, 11:22 PM
RE: Security of Data and files - by Ben - May 3rd, 2011, 8:16 PM
RE: Security of Data and files - by alexh - May 4th, 2011, 10:39 PM
RE: Security of Data and files - by Ben - May 4th, 2011, 7:37 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)