Bitcoin Forum
Author Topic: MtGox source code leaked ...  (Read 18831 times)
DeathAndTaxes
March 03, 2014, 06:19:17 PM
 #21

I prefer one monster super class...

Well I think we are done. 
Taras
March 03, 2014, 06:20:43 PM
 #22

 Oh fuck. Now there is going to be a bunch of mini mtgoxes.
virtualprofit
March 03, 2014, 06:22:24 PM
 #23

Are you sure this code was not stolen back in 2011?
windpath
March 03, 2014, 06:23:16 PM
 #24

Hey folks, new here and happen to also be a LAMP developer (not considering creating an exchange yet ;)...

I just wanted to jump in here and defend LAMP stacks.

Linux/Apache/MySQL/PHP (LAMP) CAN be highly secure depending on how the code is written.

This forum runs on PHP, most major banking sites' frontend is PHP...

The problem comes in when people write insecure code, you can just as easily write insecure C+ or Python as insecure PHP...

I guess my point is don't bash the platform, bash the developer ;)
bananas
March 03, 2014, 06:29:23 PM
 #25

I don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.

Regarding that, the banking system is much worse, still lots of source using 'go to' labels in COBOL. Hopefully written in the best programming practices from 1967.
virtualprofit
March 03, 2014, 06:34:06 PM
 #26

Quote
don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.

I don't know PHP but for me in this code, you have not checked for SQL injection in the SQL requests?
BitCoinDream
March 03, 2014, 06:38:06 PM
 #27

As a website dealing with millions of user funds, their security should have been on par with that of big banks.

Does Deutsche Bank use php? Does HSBC use fucking MYSQL??? Do any of those banks comment out lines in production code for debugging?!?!?!?

Projects written by a single person don't need to be developed as academics say. If u were an owner of an exchange and didn't trust to any other coder u would go the same way.

That's exactly the problem, it shouldn't be written by only one clueless guy!!!

Let me tell u that I have worked with ING code and they use GOTO !!! This code is fine if it were written by Jed.

bananas
March 03, 2014, 06:43:51 PM
Last edit: March 03, 2014, 06:56:58 PM by bananas
 #28

Quote
don't see any problem with the code, the issues reported in the articles are just modern recommended programming practices. They do not mean the code by itself is wrong or unsafe.

I don't know PHP but for me in this code, you have not checked for SQL injection in the SQL requests?

By what I see the SQL queries in the source do not use any user provided data, so it does not require an injection check 'cause there is no such risk.

Edit: there is user provided data, but as of now I can't find any that could be used for injection, i.e. $btc would generate an error if it is anything other than an integer number.
MatthewLM
March 03, 2014, 06:46:42 PM
 #29

If they were hacked that means something wasn't working properly (Is this really confirmed?). And obviously they didn't know how to handle bitcoin transactions properly. By no means have there been no problems, even if we ignore poor coding practises.

Bitcoin Extra Wallet | Peercoin Android Wallet
BTC: 1D5A1q5d192j5gYuWiP3CSE5fcaaZxe6E9  PPC: PH7fVn1Xs7nkUFmdwCX2ZRYfLPCSwGxAq9
Maged
March 03, 2014, 06:47:30 PM
 #30

Quote
Are you sure this code was not stolen back in 2011?

That was my thought. Does anyone know when the Eligius-MtGox partnership was formed? I know that it was in 2011, I just don't know the exact day.

It was estimated that MtGox was hacked by no less than 10 separate groups back in 2011 (one of which leaked the user DB, as we all know), so this could absolutely still be fallout from that.

rayfloyd
March 03, 2014, 06:52:05 PM
 #31

Quote
If they were hacked that means something wasn't working properly (Is this really confirmed?). And obviously they didn't know how to handle bitcoin transactions properly. By no means have there been no problems, even if we ignore poor coding practises.

The reason and the how to of the hack might not be poor [or not] web backend. It could also be bad sys admin and bad system security or even just internal.

acoindr
March 03, 2014, 06:52:50 PM
 #32

Quote
Hey folks, new here and happen to also be a LAMP developer (not considering creating an exchange yet ;)...

I just wanted to jump in here and defend LAMP stacks.

Linux/Apache/MySQL/PHP (LAMP) CAN be highly secure depending on how the code is written.

This forum runs on PHP, most major banking sites' frontend is PHP...

The problem comes in when people write insecure code, you can just as easily write insecure C+ or Python as insecure PHP...

I guess my point is don't bash the platform, bash the developer ;)

I agree. I'm getting a bit tired of people who language bash. For example, DeathAndTaxes, whom I respect, is killing MtGox in this thread, but he hasn't once faulted the language of choice. Often people who bash don't have much achievement of their own which they can point to, which is telling.

Mysql? php??? For a multi-million dollar website?!?!?!? WTF!!!

Umm, Facebook was built on PHP and they just bought a company for $19 billion. Magento, also built on PHP, was bought by eBay for $180 million. Which apps have you done lately that are worth millions of dollars?

A good programmer can usually do well with most any language, although some may be better fits for a given application. It depends more on style and preference, which is why Google, which probably knows a thing or two about software, allows people to write in the language of their choice for their annual Code Jam with $15K prize. They are not so ignorant as to think various programming languages, which are just tools, can't be used effectively.
romerun
March 03, 2014, 06:58:37 PM
 #33

No wonder they could not turn the LTC switch on, their code is too messy to add another currency
noob2001
March 03, 2014, 06:59:23 PM
 #34

Cool.
I can use this to set up my own exchange
zunath
March 03, 2014, 07:04:19 PM
 #35

I think what concerns me more than anything is that they're rounding some of their values.
MashRinx
March 03, 2014, 09:06:50 PM
 #36

Quote
I think what concerns me more than anything is that they're rounding some of their values.


lemfuture
March 03, 2014, 09:11:03 PM
 #37

I thought the CEO is a tensai?

1ADLcfwTofFXb95pKhebpeRkJ4WTWsvQXB
kuroman
March 03, 2014, 09:16:20 PM
 #38

Glad I didn't complete my registration on their website, I was about to send them my passport, and whatnot info, and when I saw how complex the process compared back I backpedaled and didn't confirm the uploaded documents I uploaded at the time
QuestionAuthority
March 03, 2014, 09:30:20 PM
 #39

Isn't it convenient that the Gox source code is leaked right after his appeal to the bankruptcy court. That seems to substantiate Karpeles' claim that he was hacked and just a poor innocent victim. Very tidy.

cozk
March 03, 2014, 09:44:11 PM
 #40

Quote
Isn't it convenient that the Gox source code is leaked right after his appeal to the bankruptcy court. That seems to substantiate Karpeles' claim that he was hacked and just a poor innocent victim. Very tidy.

+1

He's a rich man now.