WEB Made a site

Discussion in 'OT Technology' started by Kevin, Aug 24, 2008.

  1. Kevin

    Kevin New Member

    Joined:
    Aug 27, 2002
    Messages:
    87,634
    Likes Received:
    0
    Location:
    Michigan
    Not sure what to do with it though. Was supposed to be one of my side projects, but i haven't had any good ideas for it. Planned on taking advantage of the huge amount of hype for an upcoming (December) fight between 2 UFC fighters. All it is right now is a voting system, then spits out an image with your vote so you can put it in your signature on forums, etc.

    C# with a SQL Server backend.

    http://www.gsp-penn.com/
     
    Last edited: Aug 24, 2008
  2. White Stormy

    White Stormy Take that, subspace!

    Joined:
    Sep 17, 2002
    Messages:
    85,489
    Likes Received:
    70
    Location:
    Sparkopolis
    I can't fucking stand javascript links.
     
  3. Kevin

    Kevin New Member

    .Net detailsview, nigga
     
  4. White Stormy

    White Stormy Take that, subspace!

    the vote link is a javascript call. that means that if I try to open it in a new tab.. I get a blank page. it's understandable for a poll vote to use javascript.. but do it as a form action or onclick or some shit.. not as an actual link

    not to mention it probably makes it easier to hack your poll when you show the user how you're passing all the info to the js function
     
  5. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,918
    Likes Received:
    10
    Location:
    Los Angeles
    Not bad, but as White Stormy was saying, there is some questionable functionality regarding the implementation.
     
  6. Pepsi1975

    Pepsi1975 Mod of the Year

    Joined:
    Jan 6, 2005
    Messages:
    47,590
    Likes Received:
    0
    Location:
    Detroit
    but what is the point of hacking a site like that to fuck with the poll, it will not serve a real reason to try and sway the vote and it is not a big site so it is not like a notch in a hacker's belt
     
  7. kingtoad

    kingtoad OT Supporter

    To me, whether people care to hack a site or not shouldn't be a factor. I think security should remain a thought throughout the entire development process.
     
  8. Pepsi1975

    Pepsi1975 Mod of the Year

    i understand that part, but i am just saying i just don't see the point why someone would fuck with his poll
     
  9. biawokauns

    biawokauns New Member

    Joined:
    Sep 18, 2001
    Messages:
    19,893
    Likes Received:
    0
    Location:
    Republic of Kalifornia
    where whould i goez about learning C
     
  10. White Stormy

    White Stormy Take that, subspace!

    :werd:
     
  11. Kevin

    Kevin New Member

    i can only hope you guys are joking about the security.
     
  12. Kevin

    Kevin New Member

    giant facepalm.
     
  13. kingtoad

    kingtoad OT Supporter

    It actually is a potential security risk. And a definite usability no-no.
     
  14. White Stormy

    White Stormy Take that, subspace!

    I just can't stand anything using a link that can't be opened on its own. there are so many other ways to do the shit without being annoying
     
  15. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    just change the LinkButton to a Button if you give a shit about the whining. Then idiots won't expect it to open in a new page
     
  16. Shampoo

    Shampoo Rinse & Repost

    Joined:
    May 5, 2004
    Messages:
    60,183
    Likes Received:
    0
    Location:
    California
    The How and Submission could be easily done with a simple javascript if then rather than reloading the page.

    Otherwise nice, not much else to comment on.

    You'd be better at learning PHP.
     
  17. Kevin

    Kevin New Member

    i have a feeling you're the only one that finds it annoying.

    It runs a simple post back, then inserts the data. IIS checks the data to make sure it's the original data and not anything malicious.

    There is zero security concern here. The model .net uses is the same as all web frameworks.
     
  18. Kevin

    Kevin New Member

    Details on how it's a security risk.
     
  19. kingtoad

    kingtoad OT Supporter

    I said it was a potential security risk. It could or could not be a security risk. JavaScript within links like that is generally easy to manipulate. And it's a usability no-no anyway. I haven't coded JavaScript like that in years for that reason.

    I'm not dissing your code or your site or anything at all. I just would generally advise practices like this for reasons previously said.
     
  20. SLED

    SLED build an idiot proof device and someone else will

    His site is fine. I'm pretty sure MS would have fixed any security concerns if there were any by now. Since, you know, the framework has been used heavily since 2001. The whole ASP.net idea employs the event model seen with included javascript. There are many built in hooks for client side form validation which is why the form is submitted programmatically vs. the form element doing the work. I don't see what the fuss is all about. Since when is having javascript on a click event a security concern?
     
  21. kingtoad

    kingtoad OT Supporter

    It's not the fact that it's an onClick, like I said, that's a usability issue. It's the way it was implemented could be a potential security risk. In this case, it probably isn't, being that it's part of the "heavily tested framework since 2001".
     
  22. biawokauns

    biawokauns New Member


    i don't want to learn php :o
     
  23. Kevin

    Kevin New Member

    This wasn't even something i coded. It's .Net generated, and it's secure. As i said, nothing happens via javascript. it is simply a post back, and you can manipulate the data all you want, but IIS will know it's been manipulated and an exception will be thrown.
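
Editor's added example, not code from the thread, the site, or ASP.NET itself: the post above describes a postback whose data is rejected if it was changed after the page was rendered, which in ASP.NET Web Forms is the job of the framework's ViewState MAC and event validation. The sketch below shows the underlying idea with a keyed MAC over a field the browser carries back; `SignedField`, `Protect`, `TryUnprotect`, the key and the field contents are hypothetical names and constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: integrity-protects a value that round-trips through the browser.
static class SignedField
{
    // Constructed demo key. A real key stays on the server and is never sent to the client.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    // At render time: emit value + "." + base64(HMAC-SHA256(value)).
    public static string Protect(string value)
    {
        using var mac = new HMACSHA256(Key);
        byte[] tag = mac.ComputeHash(Encoding.UTF8.GetBytes(value));
        return value + "." + Convert.ToBase64String(tag);
    }

    // At postback: recompute the tag over the received value and compare in constant time.
    public static bool TryUnprotect(string token, out string value)
    {
        value = "";
        int dot = token.LastIndexOf('.');          // base64 never contains '.'
        if (dot < 0) return false;                 // no tag present
        string candidate = token.Substring(0, dot);
        byte[] sent;
        try { sent = Convert.FromBase64String(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }  // tag is not valid base64
        using var mac = new HMACSHA256(Key);
        byte[] expected = mac.ComputeHash(Encoding.UTF8.GetBytes(candidate));
        if (!CryptographicOperations.FixedTimeEquals(sent, expected)) return false;
        value = candidate;
        return true;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed field contents, as the server would render them into the page.
        string token = SignedField.Protect("pollId=1;choice=A");
        // Posted back unchanged.
        Console.WriteLine(SignedField.TryUnprotect(token, out _));
        // Edited in the browser after rendering: the tag no longer matches the value.
        string edited = token.Replace("choice=A", "choice=B");
        Console.WriteLine(SignedField.TryUnprotect(edited, out _));
    }
}
```

A MAC like this only proves the field is one the server issued; whether a given visitor may vote again is a separate check the server has to make itself.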
     
  24. Kevin

    Kevin New Member

    I don't see it either, but it doesn't surprise me.

    Anyway, the attention to detail here is why i posted it. Lots of guys know their shit here and anything would have been pointed out.
     
  25. kingtoad

    kingtoad OT Supporter

    Jesus christ. I'm a fucking broken record here.

    I'm not saying your code isn't secure. I said it can be considered a potential security risk, and often times is on a lot of websites when it's implemented the way it's implemented here. Great, it's part of the framework, so it's probably secure. That's fantastic that it's secure and all, but it's still bad usability regardless. And not too long ago, the Windows Update site was prone to the JavaScript injection exploit. Although it was patched up not too long after a bunch of people started abusing it. Same framework I assume, right?

    And upon further analysis, the HTML output is all over the place. It's implementing code that's contradicting the specified doctype.

    I'm sure other than that, your back-end code is fantastically coded using the .NET framework and is extremely secure.
     