Quote:
Originally posted by pussyluver
Do ya blame vBulletin for the security issues or adult.com for setup of servers and the program?
Both, plus PHP's documentation regarding sessions.
vBulletin patched up some of the major issues in a way that
at least makes it harder to exploit, if you use the default settings.
The admin for the relevant settings doesn't mention that
by changing the settings you open yourself wide open
to easy attacks where the attacker can take over the admin account.
Just to demonstrate, I did just that on another major webmaster board.
I made a post that when read by the forum admin
gave me admin privileges.
Lens should have this shit fixed, that's on him.
But on the other hand he probably has as hard a time as
anyone else finding qualified programmers who know shit
about security, search, or relational database.
I very respectfully disagree a little, perhaps, with colpanic.
If not with what he said, with what he implied.
SQL products such as MySQL can certainly do full text
searches of large datasets very quickly,
but the database needs to be set up right to do that.
MySQL provides a totally transparent "fulltext" index that
would go a LONG way in that respect.
Then certain other columns that are not indexed
by default in VB need simple indexes.
I would suggest that the MySQL code, with the appropriate
indexes and all, would be a lot faster than the Java
solution he mentioned.
Now if Lens paid us each a couple hundred bucks, as a team
we could have it working nicely very quickly.
