GoFuckYourself.com - Adult Webmaster Forum - View Single Post

TFCash · 07-15-2002, 10:58 PM

I don't mean to piss anyone off here, but I want to say that Epoch has the absolute worst security in the world when it comes to their password administration script !!! The only thing that they use to verify that the script should go ahead and add the username/password is via refering IP

Very bad, due to the fact that any 9 year old can spoof an ip!! This happened to one of our customers last month, with the script that Epoch installed for them, and they(being Epoch) hadn't even un-commented the portion that does the check for the IP

( So if you do use them, please be sure to rename the CGI that add's/delete's username so that you don't get stung with 500 extra users in your password file that didn't pay !!!!

Tim

07-15-2002, 10:58 PM
TFCash Confirmed User Industry Role: Join Date: Apr 2001 Posts: 1,738	I don't mean to piss anyone off here, but I want to say that Epoch has the absolute worst security in the world when it comes to their password administration script !!! The only thing that they use to verify that the script should go ahead and add the username/password is via refering IP Very bad, due to the fact that any 9 year old can spoof an ip!! This happened to one of our customers last month, with the script that Epoch installed for them, and they(being Epoch) hadn't even un-commented the portion that does the check for the IP ( So if you do use them, please be sure to rename the CGI that add's/delete's username so that you don't get stung with 500 extra users in your password file that didn't pay !!!! Tim