Home | Community | Message Board


MRCA Tyroler Gluckspilze
Please support our sponsors.

Feedback and Administration >> Website Announcements and Feature Feedback

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
InvisibleYthanA
٩(●̮•̃)۶
Male

Registered: 08/08/97
Posts: 17,043
Loc: NY/MA/VT Borderlands, USA
Re: Private Message are a security risk * 1
    #197751 - 07/31/99 12:03 AM (18 years, 27 days ago)

Hey there. The private messages don't associate an IP address with your board identity, and the "Welcome back Spore Monkey" message uses a cookie on your hard drive to identify you, not a log of your IP address stored on our server. The only information the cookie contains in your username and your password. In fact, the BB sets a similar cookie so that you don't have to enter your name and pass every time you post a message.

I didn't write the code for the private messages hack, but I did go over it line by line, and it's no more of a threat to security than the BB itself. The only information that's stored on our server is the actual text of your private messages. Everything else is kept on your hard drive.

With that said, it's retarded that the hack doesn't work if you have cookies disabled. I didn't notice that because I have them enabled in my browser, but I'll definitely get that fixed right away.

Update: 7/31/99 2:24 pm EST

Alright, I did some heavy work on the scripts, and private messages should now by 100% functional through a proxy or with cookies disabled in your browser. If you notice any incompatibilities, please let me know.

------------------
Ythan
Founder of the Shroomery

[This message has been edited by Ythan (edited July 31, 1999).]



Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Re: Private Message are a security risk
    #197753 - 07/31/99 03:07 PM (18 years, 27 days ago)

Ythan, you're a genius. This is twice in the past week or so I've found some bug in the bb code that you've fixed within a day.

Thanks a million.

Although, if you can, answer me this: Even if all that is explicitly being called for by the script is the cookie, at some point that username and password has to be transmitted to the Shroomery server, which in turn returns the result: [X] new messages. That result data is sent to my current IP, since I wasn't using a proxy, that means a hack could potentially be associating my ID with that IP. Unless I'm missing something, that's the way it operates and that's why I considered it a security risk. Or am I just completely off my rocker?



Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleYthanA
٩(●̮•̃)۶
Male

Registered: 08/08/97
Posts: 17,043
Loc: NY/MA/VT Borderlands, USA
Re: Private Message are a security risk
    #197754 - 08/01/99 07:45 PM (18 years, 25 days ago)

Nope, you haven't lost it...your username and password do get transmitted (in plaintext) to our server, and if you're not using a proxy, an enterprising hacker could theoretically associate your username with your IP, and subsequently your identity in real life. Unlikely? I think so. But it could happen.

Hopefully, now that the private messages don't require cookies to function, individuals who access the Shroomery via a proxy can rest easy while still being able to take advantage of all this BB's features. As always, if anyone has any future security concerns, please let me know...I'd like to make this site as safe as possible for all.

------------------
Ythan
Founder of the Shroomery




Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

Feedback and Administration >> Website Announcements and Feature Feedback

Similar ThreadsPosterViewsRepliesLast post
* Notification about changes concerning private messages
( 1 2 3 4 all )
AnnoA 7,365 68 02/20/04 06:37 AM
by Anonymous
* New Feature: Secure Private Messages!
( 1 2 3 4 all )
YthanA 12,570 76 05/03/15 03:33 PM
by milonix
* Secure Private Messages delta9 1,014 11 08/13/05 05:45 PM
by delta9
* Re: Problem with private message... Anonymous 529 1 09/22/99 11:44 PM
by Ythan
* Private Messaging ToolTroll 942 5 07/19/08 08:58 PM
by ToolTroll
* Re: private messages not working? YthanA 1,295 6 10/13/99 06:04 PM
by Ythan
* Re: Private Messages YthanA 790 4 04/29/00 02:48 AM
by Ythan
* Re: Private Message Problem PanTrop 778 3 12/14/99 09:15 PM
by Submob

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Ythan, Thor, Seuss, geokills
1,031 topic views. 1 members, 0 guests and 2 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
Azarius
Please support our sponsors.

Copyright 1997-2017 Mind Media. Some rights reserved.

Generated in 0.028 seconds spending 0.008 seconds on 18 queries.