Bot-Factory 602 Posted May 6, 2015 Report Share Posted May 6, 2015 END OF SALE Product no longer available Quote Link to post Share on other sites
Enigma 78 Posted June 23, 2015 Report Share Posted June 23, 2015 Not sure what's so secure about this script, because the the "identifier" remains the same.So you can send that same identifier (which can be easily captured by any HTTP sniffer) to the server and then the "client" receives a new response from the server, decrypt it (AES256) and re-encrypt it with the server key (which you'll get from the response).Then start a session with an encrypted (AES256) sql query. So imo this scrypt isn't really secure.The problem here is that the "identifier" always remain the same and can be sniffed with any simple HTTP sniffer. Quote Link to post Share on other sites
Bot-Factory 602 Posted June 23, 2015 Author Report Share Posted June 23, 2015 Not sure what's so secure about this script, because the the "identifier" remains the same.So you can send that same identifier (which can be easily captured by any HTTP sniffer) to the server and then the "client" receives a new response from the server, decrypt it (AES256) and re-encrypt it with the server key (which you'll get from the response).Then start a session with an encrypted (AES256) sql query. So imo this scrypt isn't really secure.The problem here is that the "identifier" always remain the same and can be sniffed with any simple HTTP sniffer. The security is, that the SQL query is secured by the session ID. Which you can't decrypt from the HTTP response without having the AES password.So you can't sniff the SQL query and resend it 500 times to flood the database. The initial request you can resend multiple times of course. And it will reply with an encrypted session key. But there is nothing you can do with it. Because you can't decrypt the session key without the password. And without the session key you can't send a SQL query to the database. But if you send me some more details, I will take another look. For security related stuff I would prefer if you could send it via PM first, so that I have a chance to fix stuff before users might be affected. Dan Quote Link to post Share on other sites
Bot-Factory 602 Posted July 3, 2015 Author Report Share Posted July 3, 2015 >> Important <<I'm sending all important information's and updates via Email (Getresponse).When you purchase something from me, you will be added to our customer autoresponder automatically.Of course I will also post to the forum, but not everything I sent to my customers is for the public.So the email newsletter is the primary tool for all the communication! So please:1. Stay on that email List!2. Use an email address you actually monitor and read!3. Whitelist my email address by adding it to your address book dan(ad)bot-factory.comFor support contact the helpdesk via:support(ad)bot-factory.comThanks in advance for your understanding and continuous support!Dan Quote Link to post Share on other sites
Bot-Factory 602 Posted July 11, 2015 Author Report Share Posted July 11, 2015 End of Sales15 July 2015 Product is available for the next 3 days, then I will take it down.Existing customers will still get support if needed!I'm just re-prioritizing my projects currently. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.