CPG Dragonfly™ CMS ⇒ Forums ⇒ CMS (All) ⇒ Security :: Archives ⇒ $DeniedUserNames and _bbdisallow

$DeniedUserNames and _bbdisallow :: Archived
Post any security related questions in here.
Please send discovered reports to security @ cpgnuke.com
Do Not post links to exploits or hacker sites - your post will be edited/deleted.
If you think you've been hacked, FIRST go through your server logs.

Forum Index ⇒ Security

Topic Archived

View previous topic :: View next topic

Author

Message

BrokenCrust
500+ Posts Club

Offline
Joined: Sep 06, 2004
Posts: 503

Posted: Tue Jan 16, 2007 9:30 pm
Post subject: $DeniedUserNames and _bbdisallow

How come the _bbdisallow table is no longer used to control banned usernames?

It looks like only the list in config.php is used to build a list of usernames that are forbidden.

This seems like a backward step in security and it also means that although the Members Delete module can add deleted members names to the _disallow table these will never be used and that this table is now redundant.

Is it possible to add this back in to the registration process (in the userCheck function) ? In fact wouldn't it be better to stick all the hardcoded names in config.php into the _bbdisallow table? That way we can have a nice admin interface to add usernames to the list.

BrokenCrust please enter your server specs in your user profile! Crying or Very sad

Forum Index ⇒ Security
Page 1 of 1

All times are GMT

Archive Revive
Username:
This is an archived topic - your reply will not be appended here. Instead, a new topic will be generated in the active forum. The new topic will provide a reference link to this archived topic.