tslocum
/
tinyib
6
6
Fork 1
Code Issues 31 Pull Requests Releases Activity
Labels Milestones
New Issue

Sec upgrade cool idea for u #240

Open
opened 9 months ago by Ghost · 3 comments
Ghost commented 9 months ago

hi! If you were to rename .accounts .bans .keywords .logs .posts .reports and .tinyib.db to names that start with .ht tinyib would have greater overall security. Just put .ht in front of them like .htaccounts .htkeywords .htlogs and so forth.

On nginx, tons of sites are configured with
location ~ /.ht {
deny all;
}

If not, one can easily add the code to the server block nginx config. THEN, renamed, for example .httinyib.db, the sqlite3 db, would not be able to be downloaded!! Same for the flatfile if it is renamed to something that starts with .ht.

So if you were to rename everything, the simple short code of location ~ /.ht {
deny all;} could be used to make tinyib much more secure for flatfile or sqlite3 and for everything.

GREAT job by the way, tinyib still works fine on very latest php 8.x ver, NO other php imageboard can say that yet, ...they just make excuses saying there is no need to upgrade the code to work with php8 lol. Tinyib does more than vichan in lots of ways- it has features vichan does not even have. Tinyib has always been an awesome work horse. 

https://github.com/mediumib/TinyIB  Here is old school tinyib- the oldest ver. I just edited imgboard.php a bit, the - magicquotes part - and even THAT old ver of tiny ib works great on php8!! (maybe you wanted to update the archived repo?)
hi! If you were to rename .accounts .bans .keywords .logs .posts .reports and .tinyib.db to names that start with .ht tinyib would have greater overall security. Just put .ht in front of them like .htaccounts .htkeywords .htlogs and so forth. On nginx, tons of sites are configured with location ~ /\.ht { deny all; } If not, one can easily add the code to the server block nginx config. THEN, renamed, for example .httinyib.db, the sqlite3 db, would not be able to be downloaded!! Same for the flatfile if it is renamed to something that starts with .ht. So if you were to rename everything, the simple short code of location ~ /\.ht { deny all;} could be used to make tinyib much more secure for flatfile or sqlite3 and for everything. GREAT job by the way, tinyib still works fine on very latest php 8.x ver, NO other php imageboard can say that yet, ...they just make excuses saying there is no need to upgrade the code to work with php8 lol. Tinyib does more than vichan in lots of ways- it has features vichan does not even have. Tinyib has always been an awesome work horse. https://github.com/mediumib/TinyIB Here is old school tinyib- the oldest ver. I just edited imgboard.php a bit, the - magicquotes part - and even THAT old ver of tiny ib works great on php8!! (maybe you wanted to update the archived repo?)
Ghost commented 9 months ago
Poster

oah and how come numbers don't show up on your site here? Im visiting from a tor browser, any number is invisible...kinda odd. for example when it shows the number of how many days since you fixed stuff. also when i type a number its invisible.

oah and how come numbers don't show up on your site here? Im visiting from a tor browser, any number is invisible...kinda odd. for example when it shows the number of how many days since you fixed stuff. also when i type a number its invisible.
Ghost commented 9 months ago
Poster 
numbers work in code tags tho  12345678
``` numbers work in code tags tho 12345678 ```
ghost123321 commented 9 months ago

afaik you only have to disable access to a single folder for all these files to not be accesible, I think the current filenames are fine

afaik you only have to disable access to a single folder for all these files to not be accesible, I think the current filenames are fine
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
json
master
shortcut
sqlitefix
Labels
Apply labels
Clear labels
bug
Something is not working duplicate
This issue or pull request already exists enhancement
New feature help wanted
Need some help invalid
Something is wrong question
More information is needed wontfix
This won't be fixed
No Label bug duplicate enhancement help wanted invalid question wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes