Login

**trewq** · 01-06-2010, 02:51 PM

(01-06-2010, 02:09 PM)hankinator Wrote: Out of curiosity, what would you have to prevent? because my friend and I are designing a linux + windows game server panel. What would we have to protect against?

SQL injection is a big one.

hankinator · 01-09-2010, 03:37 AM

Yeah that makes sense. How to you stop/prevent that from happening?

loopyman · 01-09-2010, 05:16 AM

http://lmgtfy.com/?q=Prevent+SQL+Injection

Toungue

Nisd · 01-09-2010, 06:51 AM

(01-09-2010, 03:37 AM)hankinator Wrote: Yeah that makes sense. How to you stop/prevent that from happening?

Writing good code Smile

hankinator · 01-09-2010, 10:44 AM

Fail. lol. Thanks, is there anything else I should google?

ilinx · 01-11-2010, 09:10 AM

Well ive seen a swiftpanel site get completely destroyed due to a shell that was placed on the webserver, i suppose ssl on the panel could prevent that. You would also want to at least hash the passwords twice, the control panel that i've designed hashes passwords 6 times using a random combination of 2 different hashes.

Furthermore, you want to protect against url injection(although it may seem like a noob thing, you'd be surprised at how many people leave this), you would also want to tie all loose ends in your script so that no one can access what they shouldn't be looking at, ie if you have a folder with classes, make sure the htaccess denies all connections for that folder or else people are going to be sniffing up your code.

Generally a good rule of thumb is to not get into something like a control panel (at least if its commercial, i know mine is) unless you fully know what your doing.

-iLinx

hankinator · 01-11-2010, 02:06 PM

I knew most of those and we already hash the passwords. I'm still going to give it a shot and see what happens none the less though.

ilinx · 01-12-2010, 02:20 AM

hashing a password once is futile, the password can easily be determined using brute forcing techniques if a hacker gains access to the hash.
you also need to prevent against bruteforce on the actual site, using a timeout-ban rule, having the panel directly ban the ip address on the webservers firewall is much more effective than banning it in a database (it would save b/w)
additionally theres alot of information on the net about closing up security exploits for different web languages, so i would just search a bit to make sure everythings secure serverwise when your panel is completed

oh and phpmyadmin and mysql connections are not secure by default, make sure you encrypt them or setup a firewall rule to only allow local connections to the database if your using that kind of setup

hikafer · 01-12-2010, 04:55 AM

GamePanelX is not bad and its opensource.

But i think there is no really need of a gamepanel.

http://www.gamepanelx.com/

Login
Username:
Password:	Lost Password?
	Remember me