vBulletin Mods

The Official vBulletin Modifications Site

Protecting plugin and template table with Triggers & Signals
by Jafo232
05 Sep 2012 19:58

Here is a product I put together for vb3 (free) that some of you might find interesting. The plugin protects the plugin and template table from being hacked by using triggers and signals to authenticate a valid user.

Basically once the administrator area properly authenticates a user, it sets a secret session variable in MySQL. Unless that variable is defined, the trigger will not allow the protected tables to be altered.

Considering that I can see no reason why these tables should be modified in any way unless the user is in the admincp, I think it will help a lot with injection attacks.. Works on VB4 too:



All times are GMT. The time now is 19:16.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.