I'd be worried about the reverse situation - PHPBB is one of the most hacked web apps on the planet.
On 2/20/06, Rick Root <[EMAIL PROTECTED]> wrote: > In an effort to do something different with my chat app, I thought it'd > be cool to "integrate" with an EXTERNAL third party app - phpBB. > > I run a little blog... www.thecaniac.com (I'm a big fan of the Carolina > Hurricanes hockey club). I'm also a heavy participant in the > organizations official message boards, which use phpBB. > > So I put up a chat room on my blog, and I want people to use their phpbb > usernames.. but I don't want people to be able to masquerade as someone > else. > > So I wrote a little script that actually uses my message board login, > and using CFHTTP, logs into phpbb and sends a private message to the > user with a link they can use to access the chat room. The link > contains an "access key" which is encrypted and url-encoded, it contains > their username and a timestamp. > > And it worked! I was actually amazed. > > Question - how difficult is it to crack the encyption that CF uses by > default? Without knowing the key I used to encrypt it, of course. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:232879 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
