Quote:
Originally Posted by w3b
We're developers with experience in building member sites for other industries but not adult sites. Normally we manage all the user authentication system so that users can sign up, log in, etc.
...
Another thing I have noticed when reading other posts is talk of password sharing and the use of "strongbox". Could someone give us some info on the type of hacks and cheats used to scam access to members content?
This type of system, built robustly enough for a popular adult site, is
not something you're going to whip up real quick after getting a couple
of ideas from some webmasters, who are people in the marketing
business. This has been our business for twelve years, developing
effective protection. Over those twelve years we've put over a THOUSAND
hours into research and development and we STILL have a very long
TODO list. Our biometrics seem to work pretty well, now on to some
other needed improvements to stay ahead of the hackers. It also
sounds like you're not familiar with basic server variables like
REMOTE_USER, so you're definitely looking at some schooling before
you get into the development. My suggestion - you develop whatever
members' area CMS features you do a good job with, make something
new that's really neat, and leave the security to the people who do
security 24 / 7 / 365. We'd love to work with you and we can
build in some cross-compatibility where your members' area
content stuff can work with our security stuff, but please, "security"
mechanisms developed by those who have no background in
security or understanding of the principles of web security are flat
out DANGEROUS. We've seen far too many login systems that a
hacker can use to dump the whole user database. Actually this
board is an example - it's a great message board, the script is
made by some people who really know how to make a great message
board. However, as I demonstrated on Netpond, the authentication
is wide open. All that I have to do in order to get full admin access is
make a post. When the admin reads my post, I have their password.
Great software, vBulletin, but they aren't security experts so they
don't know how to do authentication right (nor should they know, that's
OUR job, and we don't need to know how to build message boards).