Sec upgrade cool idea for u #240

Open
opened 9 months ago by Ghost · 3 comments
Ghost commented 9 months ago

hi! If you were to rename .accounts .bans .keywords .logs .posts .reports and .tinyib.db to names that start with .ht tinyib would have greater overall security. Just put .ht in front of them like .htaccounts .htkeywords .htlogs and so forth.

On nginx, tons of sites are configured with
location ~ /.ht {
deny all;
}

If not, one can easily add the code to the server block nginx config. THEN, renamed, for example .httinyib.db, the sqlite3 db, would not be able to be downloaded!! Same for the flatfile if it is renamed to something that starts with .ht.

So if you were to rename everything, the simple short code of location ~ /.ht {
deny all;} could be used to make tinyib much more secure for flatfile or sqlite3 and for everything.

GREAT job by the way, tinyib still works fine on very latest php 8.x ver, NO other php imageboard can say that yet, ...they just make excuses saying there is no need to upgrade the code to work with php8 lol. Tinyib does more than vichan in lots of ways- it has features vichan does not even have. Tinyib has always been an awesome work horse. 

https://github.com/mediumib/TinyIB  Here is old school tinyib- the oldest ver. I just edited imgboard.php a bit, the - magicquotes part - and even THAT old ver of tiny ib works great on php8!! (maybe you wanted to update the archived repo?) 
hi! If you were to rename .accounts .bans .keywords .logs .posts .reports and .tinyib.db to names that start with .ht tinyib would have greater overall security. Just put .ht in front of them like .htaccounts .htkeywords .htlogs and so forth. On nginx, tons of sites are configured with location ~ /\.ht { deny all; } If not, one can easily add the code to the server block nginx config. THEN, renamed, for example .httinyib.db, the sqlite3 db, would not be able to be downloaded!! Same for the flatfile if it is renamed to something that starts with .ht. So if you were to rename everything, the simple short code of location ~ /\.ht { deny all;} could be used to make tinyib much more secure for flatfile or sqlite3 and for everything. GREAT job by the way, tinyib still works fine on very latest php 8.x ver, NO other php imageboard can say that yet, ...they just make excuses saying there is no need to upgrade the code to work with php8 lol. Tinyib does more than vichan in lots of ways- it has features vichan does not even have. Tinyib has always been an awesome work horse. https://github.com/mediumib/TinyIB Here is old school tinyib- the oldest ver. I just edited imgboard.php a bit, the - magicquotes part - and even THAT old ver of tiny ib works great on php8!! (maybe you wanted to update the archived repo?)
Poster

oah and how come numbers don't show up on your site here? Im visiting from a tor browser, any number is invisible...kinda odd. for example when it shows the number of how many days since you fixed stuff. also when i type a number its invisible.

oah and how come numbers don't show up on your site here? Im visiting from a tor browser, any number is invisible...kinda odd. for example when it shows the number of how many days since you fixed stuff. also when i type a number its invisible.
Poster
numbers work in code tags tho  12345678
``` numbers work in code tags tho 12345678 ```

afaik you only have to disable access to a single folder for all these files to not be accesible, I think the current filenames are fine

afaik you only have to disable access to a single folder for all these files to not be accesible, I think the current filenames are fine
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.