Vladimir Panteleev

Results 783 comments of Vladimir Panteleev

What `.htaccess` file? There are currently no `.htaccess` files in this git repository.

Servers don't have `.htaccess` files, they have configuration files (usually with a `.conf` extension).

> But is it safe?

The directive instructs web browsers that web pages served with that...

Can you post a HAR from a login attempt? (Open the network console, try to log in, then right click in the request list and select "Save all as HAR")....

> Do you happen to know?

Well, since Jacob doesn't seem to have time to keep track of the activity in their project, I guess you can keep creating issues...

> This being the permanence of the random login token, which allows an attacker infinite time to generate a matching token via a rainbow table lookup or even bruteforce. Following...

Blocked by #214. Could be ameliorated by changing the `.ini` file back to a `.php` one, but doesn't solve the larger issue, just the most urgent one.

Practically all web apps will always have a separate, non-versioned file where configuration is stored. For example:

- MediaWiki has a `LocalSettings.php`, which is intended to be created and edited...

> Remember that this version of Hashover is not ready for release, it's a development version.

Of course. That doesn't get in the way of helping make a list of...