Montego Scripts: Forums
 

 

Slackervaara
Newbie
Posted: Tue Mar 18, 2008 2:08 am

I think I have read somewhere that Shortlinks enhance the security of a site, and I would be grateful if I could get it confirmed and explained.


Last edited by Slackervaara on Tue Mar 18, 2008 4:22 am; edited 1 time in total 
Guardian
Site Admin
Posted: Tue Mar 18, 2008 4:19 am

I guess that in a roundabout way it might be possible.
For example, someone might be conducting a cross-site scripting attack on a specific file, but because some of the characters within that URL are re-written, they might end up with a 404 error as their 'target' file doesn't exist (it has been re-written).
Obviously, that is only theoretical and most exploits are aimed at admin functions which are not re-written.
 
montego
Site Admin/Owner
Posted: Tue Mar 18, 2008 6:35 am

Well, you certainly would not have read it from me as I never even considered it before.

I suppose it is possible if only for the most novice hackers who could use search engines to find certain exploits. There are web sites out there (I will not divulge them) that collect search engine query strings for known exploits so hackers can find the "easy prey". However, all it takes is for these sites to also collect the shortened link equivalents and that benefit evaporates.

But, that is only those trying to find your site with search engines and specific exploits that you might have such as any add-ons with security holes in them. So, I guess, to some degree I agree with the statement.

Now for the other end of the coin. If a hacker has already targeted your site, then this does not matter. The reason is that both the shortened link as well as the full original link will work just the same (for the standard link, however, hackers could also try to inject additional variables for which only a full URL will work for them). So, if they can find the hole, it doesn't matter whether you have ShortLinks or not.

Hope this helps.

Edited: I added a parenthetical remark in the second to the last sentence in the fourth paragraph.

_________________
“To err is human, but when the eraser wears out ahead of the pencil, you’re overdoing it.”
-- Josh Jenkins 
All times are GMT - 4 Hours
 