|
|
|
|
|
|
by krapp
3969 days ago
|
|
|
Probably. If they're not using PDO then that needs to be their first priority, dead stop. After that, maybe looking at their captcha script, because those sometimes have issues if they're not well designed. I don't know where theirs comes from but it doesn't seem to use much obfuscation so it's probably old. After that, Twig. Although judging by a screenshot of the recent hack[0] posted here[1] escaping (and XSS) may not be an issue. [0]https://i.imgur.com/pl22srz.png [1]https://news.ycombinator.com/item?id=9990221 |
|
|
We've already been using PDO. As for overall privacy/security, please see https://projecteuler.net/privacy