Join Date: Jun 08, 2016
Location:
Posts: 2
How secure is AzerCMS?
Posted 06-10-16, at 11:14 AM.

Hi there,

I noticed that AzerCMS does not use PDO to sanitize SQL Queries before sending them. Doesn't this pose a security risk? As a whole, how secure is the CMS? What steps are taken to secure it? Thanks!
Join Date: Jul 07, 2012
Location: Azer CMS
Posts: 1148
How secure is AzerCMS?
Posted 06-11-16, at 7:52 PM.
The CMS uses several functions to protect against SQL Injections. The functions differ depending on the query, for example when it comes to Username(s) and Password(s), the CMS uses the following function:

Username & Password

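    function clean($value)
    {
        // Strip every character that is not an ASCII letter or digit.
        $_CLEAN = preg_replace("/[^A-Za-z0-9]/", "", $value);

        // Nothing usable left after filtering: reject the value.
        if(empty($_CLEAN))
        {
            return FALSE;
        }
        else
        {
            return $_CLEAN;
        }
    }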

The function, as seen above, allows only alphanumeric characters.
Join Date: Jun 08, 2016
Location:
Posts: 2
How secure is AzerCMS?
Posted 06-11-16, at 9:30 PM.
That's a way to sanitize the query. However, just out of curiosity, is there any reason you didn't go with PDO seeing as it does this sort of thing automatically?
Join Date: Jul 07, 2012
Location: Azer CMS
Posts: 1148
How secure is AzerCMS?
Posted 06-16-16, at 5:14 PM.
There was no real reason to use PDO, and PDO is still subject to SQL injections unless handled properly.
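
Added example, not part of the original thread and not AzerCMS code: the last reply's point that PDO by itself does not prevent injection, shown as the same lookup written with string interpolation and with a bound parameter, next to the allow-list filter posted above. The in-memory SQLite database, the accounts table and the findUnsafe/findBound names are assumptions made for the illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$pdo->exec("INSERT INTO accounts (username) VALUES ('alice'), ('bob')");

// PDO without binding: the input is pasted into the SQL text, so a quote
// in the input ends the string literal and the rest is parsed as SQL.
function findUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM accounts WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// PDO with a bound parameter: the statement is compiled first and the
// input is supplied afterwards as a value, so it is only ever compared.
function findBound(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM accounts WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The allow-list filter from the thread, reproduced for comparison.
function clean($value)
{
    $clean = preg_replace('/[^A-Za-z0-9]/', '', $value);
    return empty($clean) ? false : $clean;
}

$input = "x' OR '1'='1"; // constructed test input containing quote characters

echo "interpolated: ", json_encode(findUnsafe($pdo, $input)), PHP_EOL;
echo "bound:        ", json_encode(findBound($pdo, $input)), PHP_EOL;

// The filter removes the quotes before the value reaches any query, but it
// also changes the value; the bound version leaves the input unchanged.
echo "clean():      ", json_encode(clean($input)), PHP_EOL;

// Edge case of the filter: PHP's empty() treats the string "0" as empty.
echo "clean('0'):   ", json_encode(clean('0')), PHP_EOL;
```

Running the script prints the result of each lookup side by side; only the interpolated query lets the input alter the WHERE clause.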
