Stopping people from brute forcing URL / UUIDs
[eluser]dcunited08[/eluser]
Have you ever thought of keeping tabs on the last page and allowing access to each of these pages only through certain pages (main page, search, etc.)? I used to work on a web scanner and it figured out really quickly when the site allowed incrementing to pull the next page but tended to run into issues if there was an order required to access certain pages.
[eluser]RS71[/eluser]
Thank you all for your replies. @dcunited08 I sorta had this in mind, I'm a bit hesitant though... would it affect performance too much? Also, how do you suggest I go about this?
[eluser]dcunited08[/eluser]
RS71, something like the following:

Code:
//fires on hook post_controller

The biggest problem with this option is that the user cannot use a link to the page. I am not sure why you are attempting to do this; it may anger your customers, but this is how I would do it.
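The page-order check described in the post above, as an added example that is not dcunited08's original code (which is not preserved on this page). It is plain PHP with an array standing in for the session store; the route names, `allow_request` and the `last_page` key are assumptions.

```php
<?php
// Added example, not the code from the original post.
// Route names and the session key are assumptions.

// Pages a visitor may arrive from before opening a detail page.
const ENTRY_PAGES = ['/', '/search', '/listing'];
// Prefix of the pages that should not be reachable by guessing IDs.
const PROTECTED_PREFIX = '/item/';

/**
 * Decide whether $path may be served, given the page this session viewed last.
 * $session stands in for the framework's session store and is updated in place.
 */
function allow_request(array &$session, string $path): bool
{
    // Compare on the path only, so query strings do not defeat the check.
    $path = parse_url($path, PHP_URL_PATH) ?: '/';
    $last = $session['last_page'] ?? null;

    if (strncmp($path, PROTECTED_PREFIX, strlen(PROTECTED_PREFIX)) === 0) {
        // Detail page: only allowed directly after one of the entry pages.
        if (!in_array($last, ENTRY_PAGES, true)) {
            // Leave last_page untouched so repeated guesses keep failing.
            return false;
        }
    }

    // Record the page just served for the next request in this session.
    $session['last_page'] = $path;
    return true;
}

// Constructed walk-through: a visitor who searches first, then opens an item,
// then increments the ID in the address bar.
$visitor = [];
var_dump(allow_request($visitor, '/search?q=lamp'));
var_dump(allow_request($visitor, '/item/41'));
var_dump(allow_request($visitor, '/item/42'));

// Constructed walk-through: a client that requests an item with no prior page,
// which is also what following a saved link looks like.
$scanner = [];
var_dump(allow_request($scanner, '/item/1'));
```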
[eluser]dcunited08[/eluser]
Another option I just thought of would be to change the link by multiplying a large number and the id and then dividing to find the ID on the next request.

Code:
// for link

Almost all options could be figured out and automatically replicated but the time it takes to figure it out, without a tool, is much greater.