User talk:Psychon

From awesome
Jump to: navigation, search

Lock without xss

>I could hack your box through this code

where is the code ?

>md5 is not safe.

to use sha512sum.

Assuming I enter this as a password: 
"; rm -rf / & echo "foo
. Your code will call sha_sum with this string as argument. So 
local  f=popen ( string.format('echo -n "%s"|sha512sum  ',a ))
will be turned into 
local  f=popen ('echo -n ""; rm -rf / & echo "foo"|sha512sum  ')
. What do you think will happen? ;)

Being a screenlocker isn't really awesome's job, you should use a dedicated app which does the job properly. Want another proof? If you have any clients which got their "ontop" property set, they will be shown above your screen locker and can be interacted with normally. You may use this code on your own installation (but I wouldn't recommend it), but this really doesn't belong in this wiki. Also, while sha512 helps a lot, it would be a really good idea to salt the passwords, too. --Psychon 15:55, 24 June 2010 (UTC)

Getting started

Hi SGC.Alex.

First: You are doing a great job, thanks a lot and that template Title is really nice too (however, I dont really understand how it works, meh). I have a small wish: Could you translate Getting started/fr to English? I'd do it myself, mais ne parle pas francaise plus bon.

If you do it: Thanks a lot. If you don't: Thanks for all the other stuff you are doing. :)

--Psychon 19:49, 26 June 2009 (UTC)

I’ll try to translate this page as best as I can, but you’ll probably have to make adjustements in my sentences ;) — SGC.Alex 10:10, 27 June 2009 (UTC)
There you go. I did a rough translation into English. You should now be able to make it better :) — SGC.Alex 17:19, 27 June 2009 (UTC)

Template:Title

I just noticed something not-good: At least with the Cologne Blue skin, Template:Title is broken. --Psychon 17:23, 28 June 2009 (UTC)

That’s right, but I don’t think I can do anything to change that… The fact is these styles don’t use the same way do display titles, so unless we find a way to get a wiki variable telling us the skin in use, which I think don’t exist, we won’t be able to put an “if” structure that would have displayed the right code in Template:Title… Let’s hope everybody uses Monobook… SGC.Alex 09:09, 29 June 2009 (UTC)

Should I ask jd to disable $wgRestrictDisplayTitle so that we can use DISPLAYTITLE instead of Template:Title? This seems to be the right way to do this... --Psychon 12:46, 12 July 2009 (UTC)

Indeed it would be nice ;) — SGC.Alex 16:27, 12 July 2009 (UTC)
Retrieved from "http://awesome.naquadah.org/wiki/User_talk:Psychon"
Personal tools