
Recent Brotherhood News
Current DB Date and Time: 10/13/2008 4:32:21 AM EST :: Fiction Year: 29 ABY




  1. Report Administration Fixed

    10/12/2008
    2 Comments
    Posted by GM Jac Cotelin at 3:10:00 PM
    The Report Administration script has been fixed and should no longer knock you for SQL Injection.

    Note: I've taken out the requirement that you put in your password in order to submit a report. Initially, the password was to protect people from session timeouts while writing reports. We extended the session times a while back, so that should no longer be a problem. If it is, let me know and I'll re-add the password field. It's probably a good idea to write your reports in a text editor first, anyway.

    Let me know if the script gives you any trouble.

    Jac
  2. Recommendation scripts fixed

    10/9/2008
    3 Comments
    Posted by GM Jac Cotelin at 9:41:00 PM
    I've fixed the medal and promotion recommendation scripts so that they aren't run through the firewall. Please resubmit any promotions that got refused by the scrubber.

    Jac
  3. New Members - FIXED

    10/9/2008
    0 Comments
    Posted by DJM Syn Kaek at 8:36:00 PM
    Hey everybody - and especially those wishing to join!

    There is currently a problem with the dossier activation process that disallows new members from activating their dossiers. We're working to correct it ASAP. In the meantime, please be patient. Current members, if you recruited someone, please let them know what's going on and ask them to be patient while we fix this. Thanks!

    DJM Syn Kaek
    Master At Arms

    UPDATE: Fix0r3d
  4. New "firewall" added

    10/7/2008
    17 Comments
    Posted by GM Jac Cotelin at 9:14:00 PM
    I've just launched some new code onto the site that will, hopefully, keep the SQL Injectors from damaging the site. What I've done is placed some code at the top of every page that examines each piece of data that is sent to the website server. There are specific key words and characters that the "scrubber" or "firewall" catches. Those are the pieces of the SQL Injector code that are readily identifiable.

    Unfortunately, for the time being this new code is going to cause a lot of "false positive" rejections. You may accidentally enter one of the more common characters that is in the script. I'd tell you what they are, but then I wouldn't be able to post this. :) How about 1337 speak: 3x3cut3 is a bad word.

    There will also be some scripts that just fail because of the coding in them.

    As I confirm that scripts are not subject to any vulnerabilities, I will dumb down the scrubber or take it off of the script completely. I will start with the most common scripts, like the news and comments. It will take some time to work through them. But, I get a notification every time the firewall picks up bad input, so I can tell easily what needs to be fixed.

    Since I launched the code 3 hours ago, it's already rejected 7 SQL Injector attacks.

    Jac
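
An added illustration (not the site's code) of why the keyword scrubber described in post 4 rejects ordinary text, next to a parameterized query that stores the same text unchanged. Only `execute` is named on the page as a blocked word; the rest of the blacklist, the `reports` table, the function names and the use of SQLite in place of the site's database are assumptions.

```python
import re
import sqlite3

# Hypothetical blacklist in the spirit of the "scrubber". Only "execute" is
# named on the page; every other entry here is an assumption.
BLACKLIST = re.compile(r"execute|select|insert|delete|drop|--|;|'", re.IGNORECASE)


def scrubber_accepts(value: str) -> bool:
    """Return True if the keyword scrubber would let this input through."""
    return BLACKLIST.search(value) is None


def save_report(conn: sqlite3.Connection, author: str, body: str) -> int:
    """Store a report with bound parameters: input is data, never SQL text."""
    cur = conn.execute(
        "INSERT INTO reports (author, body) VALUES (?, ?)", (author, body)
    )
    return cur.lastrowid


def load_report(conn: sqlite3.Connection, report_id: int):
    """Fetch one report by id, again with a bound parameter."""
    return conn.execute(
        "SELECT author, body FROM reports WHERE id = ?", (report_id,)
    ).fetchone()


def demo():
    """For each sample, return (scrubber accepted?, stored intact via binding?)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reports (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    # Constructed sample submissions: ordinary member text, nothing hostile.
    samples = [
        ("member_a", "Weekly report; all quiet."),
        ("member_b", "We'll execute the promotion plan and select new leaders."),
        ("member_c", "Nothing unusual this week"),
    ]
    results = []
    for author, body in samples:
        accepted = scrubber_accepts(body)
        report_id = save_report(conn, author, body)
        results.append((accepted, load_report(conn, report_id) == (author, body)))
    return results


if __name__ == "__main__":
    print(demo())
```

The first two samples are false positives for the scrubber, yet all three round-trip intact through the bound-parameter query, which is why a script that uses parameters throughout can have the scrubber taken off it.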


Copyright © 1995-2008 Dark Jedi Brotherhood
Site Maintained by the Seneschal
"Odyssey" layout made by Jac Cotelin