undefined | Better HN

0 pointskrapp10y ago0 comments

Probably. If they're not using PDO then that needs to be their first priority, dead stop. After that, maybe looking at their captcha script, because those sometimes have issues if they're not well designed. I don't know where theirs comes from but it doesn't seem to use much obfuscation so it's probably old. After that, Twig.

Although judging by a screenshot of the recent hack[0] posted here[1] escaping (and XSS) may not be an issue.

[0]https://i.imgur.com/pl22srz.png

[1]https://news.ycombinator.com/item?id=9990221

0 comments

ProjectEuler10y ago

Admin from PE here.

We've already been using PDO. As for overall privacy/security, please see https://projecteuler.net/privacy

krappOP10y ago

And PHPass as well, fair enough.

Thank you for showing up and addressing my armchair criticisms. I appear to stand corrected.

uxcn10y ago

I genuinely hope the security hole is findable/fixable. Thank you guys for continuing to run an awesome service, despite asshats repeatedly trying to abuse it.

sfrank214710y ago

Thanks for the response!

j / k navigate · click thread line to collapse