• Welcome to Final Fantasy Hacktics. Please login or sign up.
 
March 29, 2024, 10:06:37 am

News:

Please use .png instead of .bmp when uploading unfinished sprites to the forum!


Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - evisceratus

1
News / Re: Welcome to Our New Server!
March 17, 2020, 12:03:35 pm
Not a problem, @Xifanie. Glad to help!
2
News / Re: Welcome to Our New Server!
March 15, 2020, 08:34:09 pm
First post. Not sure if you're taking security bugs here, but hopefully these are easy fixes on your end. If not, please feel free to delete. Please see attached.

There are two cookies without recommended flags. First of which is PHPSESSID which lacks HttpOnly, Secure, and SameSite. The second, SMFCookie451 lacks Secure and SameSite.

Briefly, HttpOnly prevents arbitrary JavaScript from reading the contents of a given cookie. Secure instructs the browser that only HTTPS connections can read a given cookie. And finally, SameSite (set as Strict) enforces that cookies can only be read in a first-party context.

All of these flags should be set, if possible, for session (and session-like) cookies.

EDIT: The homepage is also loading mixed HTTP/HTTPS content which potentially could degrade the security benefits of going HTTPS. Specifically -

Affiliates

<a href="http://www.ff6hacking.com/"><img class="af" src="http://www.ff6hacking.com/FF6Hacking.gif"; alt="FFVI Hacking" title="FFVI Hacking" /></a>

<a href="http://www.humanbalance.net/gale/us/"><img class="af" src="http://www.humanbalance.net/gale/pics/Galeban88x31.gif"; alt="Graphics Gale" title="Final Fantasy Hacktics recommends GraphicsGale for spriting." /></a>


<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-xhtml10"; class="af" alt="Valid XHTML 1.0 Transitional" /></a>

<a href="http://jigsaw.w3.org/css-validator/check/referer"><img class="af" src="http://jigsaw.w3.org/css-validator/images/vcss"; alt="CSS Valide !" /></a>