Topic: Need Help Starting an exchange
allten (OP)
September 07, 2011, 12:14:14 AM
 #1

Need some general direction to start an exchange.

I haven't coded web pages or PHP for a very long time.

I was thinking along the lines of a LAMP server.
Is that a good idea? I assume its security is as good as it is set up.
Problem is, I've never done it before.

Any input appreciated to get me started in the right direction.
Stephen Gornick
September 07, 2011, 12:21:50 AM
 #2

You might want to consider leveraging the code of an existing exchange.

The Intersango open source project is the exchange software used by Intersango.com exchange.
  - http://gitorious.org/intersango

The bitcoin-central exchange software, used on Bitcoin-Central.net is Ruby:
 - http://github.com/davout/bitcoin-central

Xenland
September 07, 2011, 02:49:03 AM
 #3

Need some general direction to start an exchange.

I haven't coded web pages or PHP for a very long time.

I was thinking along the lines of a LAMP server.
Is that a good idea? I assume its security is as good as it is set up.
Problem is, I've never done it before.

Any input appreciated to get me started in the right direction.

This is just me, but if you're not up to par with PHP security techniques I would suggest hiring a coder.
I've been PHP programming as a hobby for 8 years, not just a hobby but like a passion I would say. I digress. I always program with security in mind even if it's a "dinky" little project, but as much as I research about XSS attacks and MySQL injection attacks and every other attack out there I still don't know everything. This is why I suggest hiring a coder, because it doesn't look good when you get GOXED or anything of the sort that will make people very pissed off at you.

Or getting a PHP5 book that is specifically written with security in mind would help!

I'd recommend PHP5 by O'Reilly but I'm sure there are better books out there
wannaBhacker
September 07, 2011, 08:09:35 PM
 #4

Need some general direction to start an exchange.

I haven't coded web pages or PHP for a very long time.

I was thinking along the lines of a LAMP server.
Is that a good idea? I assume its security is as good as it is set up.
Problem is, I've never done it before.

Any input appreciated to get me started in the right direction.

This is just me, but if you're not up to par with PHP security techniques I would suggest hiring a coder.
I've been PHP programming as a hobby for 8 years, not just a hobby but like a passion I would say. I digress. I always program with security in mind even if it's a "dinky" little project, but as much as I research about XSS attacks and MySQL injection attacks and every other attack out there I still don't know everything. This is why I suggest hiring a coder, because it doesn't look good when you get GOXED or anything of the sort that will make people very pissed off at you.

Or getting a PHP5 book that is specifically written with security in mind would help!

I'd recommend PHP5 by O'Reilly but I'm sure there are better books out there

Xenland- really?

The last post on your open source project https://bitcointalk.org/index.php?topic=10617.260 shows that you are taking raw GET requests and passing them directly to MySQL. It also says you have a vulnerability regarding password resets. These were posted almost a month ago and you haven't bothered to update them in GitHub. An 8 year veteran with a security mind probably wouldn't build the SQL Injection issues into the earlier versions of his code. Those simple things would just be the way it is programmed.

If you want to know how to start an exchange you're probably not ready to start an exchange without getting some solid minds behind you. Just because someone says they are a PHP veteran with 8 years experience doesn't mean they are other. You can be anything you want to on the internet and that's probably why so many coins are stolen.
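
The pattern described in the post above (a raw GET value passed straight into a MySQL query) next to its parameterized form, as an added example that is not part of the thread or of any project mentioned in it. The table, the function names and the use of in-memory SQLite in place of MySQL are assumptions made so the script runs on its own.

```php
<?php
// Added example: constructed schema and data, not taken from any project in this thread.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// the PDO calls are the same for both drivers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server itself prepares the statement.
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance_btc TEXT)');
$db->exec("INSERT INTO accounts (owner, balance_btc) VALUES ('alice', '1.50'), ('bob', '22.00')");

// Pattern criticised in the post: the request value is pasted into the SQL text,
// so the database parses whatever the client sent as part of the statement.
function balance_unsafe(PDO $db, string $owner): array
{
    $sql = "SELECT owner, balance_btc FROM accounts WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement text is fixed and the value is bound as data,
// so quotes inside it never change the structure of the query.
function balance_safe(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT owner, balance_btc FROM accounts WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['owner']: one ordinary value and
// one value containing a quote that alters the WHERE clause when concatenated.
$inputs = ['alice', "nobody' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "%-22s unsafe=%d rows  safe=%d rows\n",
        $in,
        count(balance_unsafe($db, $in)),
        count(balance_safe($db, $in))
    );
}
```

For the second input the concatenated query returns every account row, while the bound query returns none because no owner has that literal name.
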
Xenland
September 07, 2011, 08:19:02 PM
 #5

Need some general direction to start an exchange.

I haven't coded web pages or PHP for a very long time.

I was thinking along the lines of a LAMP server.
Is that a good idea? I assume its security is as good as it is set up.
Problem is, I've never done it before.

Any input appreciated to get me started in the right direction.

This is just me, but if you're not up to par with PHP security techniques I would suggest hiring a coder.
I've been PHP programming as a hobby for 8 years, not just a hobby but like a passion I would say. I digress. I always program with security in mind even if it's a "dinky" little project, but as much as I research about XSS attacks and MySQL injection attacks and every other attack out there I still don't know everything. This is why I suggest hiring a coder, because it doesn't look good when you get GOXED or anything of the sort that will make people very pissed off at you.

Or getting a PHP5 book that is specifically written with security in mind would help!

I'd recommend PHP5 by O'Reilly but I'm sure there are better books out there

Xenland- really?

The last post on your open source project https://bitcointalk.org/index.php?topic=10617.260 shows that you are taking raw GET requests and passing them directly to MySQL. It also says you have a vulnerability regarding password resets. These were posted almost a month ago and you haven't bothered to update them in GitHub. An 8 year veteran with a security mind probably wouldn't build the SQL Injection issues into the earlier versions of his code. Those simple things would just be the way it is programmed.

If you want to know how to start an exchange you're probably not ready to start an exchange without getting some solid minds behind you. Just because someone says they are a PHP veteran with 8 years experience doesn't mean they are other. You can be anything you want to on the internet and that's probably why so many coins are stolen.

Exactly. Well, I don't go the mile for unpaid projects, I just write them with security in mind. I had better things to do, like CheaperInBitcoins.com. I paid testers/hackers to attempt to gain access to my database and the whole website came back clean; at best, someone was able to display JavaScript codes, but only to himself. LOL, thanks for bringing back the nostalgia of my MiningFarm days bra!

But yeah, the user "wannaBhacker" for some reason took my suggestion and made his suggestion, so I'll stroke his ego and agree with the suggestion he suggested: you're basically not ready to create an exchange unless you hire a coder (I could have sworn I said this in my first post?)
wannaBhacker
September 07, 2011, 08:29:37 PM
 #6

Exactly. Well, I don't go the mile for unpaid projects, I just write them with security in mind. I had better things to do, like CheaperInBitcoins.com. I paid testers/hackers to attempt to gain access to my database and the whole website came back clean; at best, someone was able to display JavaScript codes, but only to himself. LOL, thanks for bringing back the nostalgia of my MiningFarm days bra!

But yeah, the user "wannaBhacker" for some reason took my suggestion and made his suggestion, so I'll stroke his ego and agree with the suggestion he suggested: you're basically not ready to create an exchange unless you hire a coder (I could have sworn I said this in my first post?)

What? That's what you got from my post? You ignore security on your free projects? That just sounds stupid. Maybe English isn't your first language so I'll chalk that up to a translation error. SQL Injection prevention is PHP / MySQL 101. If you skip that on your free projects remind me to never bother with any of your paid products. 8 years experience my ass. Why would someone tell you about a security loophole for your bounty of bitcents? When they can wait for customers to access your site and potentially steal thousands? Bravo brains. If you want to make a security bounty worthwhile put some real money behind it. Otherwise real hackers will cash in when it's worth it to them.
Xenland
September 07, 2011, 08:38:35 PM
 #7

Exactly. Well, I don't go the mile for unpaid projects, I just write them with security in mind. I had better things to do, like CheaperInBitcoins.com. I paid testers/hackers to attempt to gain access to my database and the whole website came back clean; at best, someone was able to display JavaScript codes, but only to himself. LOL, thanks for bringing back the nostalgia of my MiningFarm days bra!

But yeah, the user "wannaBhacker" for some reason took my suggestion and made his suggestion, so I'll stroke his ego and agree with the suggestion he suggested: you're basically not ready to create an exchange unless you hire a coder (I could have sworn I said this in my first post?)

What? That's what you got from my post? You ignore security on your free projects? That just sounds stupid. Maybe English isn't your first language so I'll chalk that up to a translation error. SQL Injection prevention is PHP / MySQL 101. If you skip that on your free projects remind me to never bother with any of your paid products. 8 years experience my ass. Why would someone tell you about a security loophole for your bounty of bitcents? When they can wait for customers to access your site and potentially steal thousands? Bravo brains. If you want to make a security bounty worthwhile put some real money behind it. Otherwise real hackers will cash in when it's worth it to them.

You seem to think I solely rely on the operation of my PHP coding skills. Not true, just like any web software I would personally audit all outgoing and incoming transactions just as I'm doing right now. I have honey-pots planted not just in the programming but in the way I do business, I'm waiting for people to attempt to steal from me so I can catch it and patch up the holes personally myself before I lose any money.

Let me just translate what I just said in this post "I feel as if I'm way more intelligent than I did 5 minutes ago, just by what you said".
wannaBhacker
September 07, 2011, 08:46:35 PM
 #8

You seem to think I solely rely on the operation of my PHP coding skills. Not true, just like any web software I would personally audit all outgoing and incoming transactions just as I'm doing right now. I have honey-pots planted not just in the programming but in the way I do business, I'm waiting for people to attempt to steal from me so I can catch it and patch up the holes personally myself before I lose any money.

Let me just translate what I just said in this post "I feel as if I'm way more intelligent than I did 5 minutes ago, just by what you said".


Okay. This just keeps getting better. Not only do you ignore security 101 on free projects because they are not important. Nope, it gets better. In your paid projects- you put in exploits so that you can monitor them and then patch them up afterwards? I could only hope that users see this thread before they use your site. Too bad they will trust your lack of security skills because they read your sig line that says you are an 8 year PHP veteran. What a joke. Take your github repository down before someone loses coins because of you.
Xenland
September 07, 2011, 09:19:30 PM
 #9

You seem to think I solely rely on the operation of my PHP coding skills. Not true, just like any web software I would personally audit all outgoing and incoming transactions just as I'm doing right now. I have honey-pots planted not just in the programming but in the way I do business, I'm waiting for people to attempt to steal from me so I can catch it and patch up the holes personally myself before I lose any money.

Let me just translate what I just said in this post "I feel as if I'm way more intelligent than I did 5 minutes ago, just by what you said".


Okay. This just keeps getting better. Not only do you ignore security 101 on free projects because they are not important. Nope, it gets better. In your paid projects- you put in exploits so that you can monitor them and then patch them up afterwards? I could only hope that users see this thread before they use your site. Too bad they will trust your lack of security skills because they read your sig line that says you are an 8 year PHP veteran. What a joke. Take your github repository down before someone loses coins because of you.

You have no idea what you're talking about.

1] I never said "Implanted", I said "I'm waiting for people to attempt to steal from me..."
2] I don't get your argument about the free thing, I suppose you're wealthy enough to invest all your time on... whatever it is that you do... but I myself don't have enough to waste time on free (as in ROI gain) projects, I'm actually currently wasting my time investing in getting the Bitcoin cash flow going by supplying items for bit-coiners. Not sure if you noticed but prices are getting low, and in my opinion it's because bitcoin isn't worth squat, so sorry for taking my hard-earned money and taking a huge risk in trying to start a business to make bit-coins worth something.
3] I don't store coins on my CheaperInBitcoins.com server; it gets sent to an offline wallet.
4] Here is a dinosaur hug because I think you didn't get enough attention when you were young,

5] A honey-pot is a system where your system makes hackers believe they are into your admin panel or SSH tunnel when really it's all "simulated". While the hacker is going through the simulation I'm tracking IP addresses and watching what the hacker is after and/or attempting to change.
davout
September 07, 2011, 09:22:41 PM
 #10


Aww, can I have one too please ? <3

Xenland
September 07, 2011, 10:05:45 PM
 #11


Of course you can have some dinosaur hug!

FREE DINO-HUGS!!

Hey, that could be a shirt slogan! ;)
Xenland
September 08, 2011, 12:02:24 AM
 #12

Just thought I'd like to let some people know that cheaperinbitcoins has over 22BTC invested in it.... go check glbse.com :)
No more stocks needed yet
Xenland
September 08, 2011, 03:52:56 AM
 #13

Here is an excellent video that reminds me of someone in this particular thread, no names or nothing *whistles*

http://youtu.be/GL3tlVDcg1I
brandon@sourcewerks
September 08, 2011, 12:17:31 PM
 #14

I would suggest doing a "hack-a-thon" like Xenland did before going live with any type of site.  Much better for us to point out flaws/holes in your system before going live.  As for just worrying about PHP security, there are many other angles of attack that need constant attention and monitoring.

And IMO, an exchange will be a prime target since you will be holding BTC.
davout
September 08, 2011, 12:46:42 PM
 #15

I would suggest doing a "hack-a-thon" like Xenland did before going live with any type of site.  Much better for us to point out flaws/holes in your system before going live. 
A hackathon is actually a pretty retarded idea since nothing guarantees that flaws will be reported instead of being exploited after the launch.

davout
September 08, 2011, 01:00:57 PM
 #16

I would suggest doing a "hack-a-thon" like Xenland did before going live with any type of site.  Much better for us to point out flaws/holes in your system before going live. 
A hackathon is actually a pretty retarded idea since nothing guarantees that flaws will be reported instead of being exploited after the launch.

+1. I was about to say that, but chose to show Gumby instead since this thread is retarded.
Well, "retarded" might be a bit strong, I mean that it can be a good idea in *some* cases, but for an exchange it is not.
