Home | Community | Message Board


Mycohaus
Please support our sponsors.

Feedback and Administration >> Website Announcements and Feature Feedback

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Amazon Shop: Ranch Dressing

Jump to first unread post. Pages: 1
InvisibleYthanA
ᕕ( ᐛ )ᕗ
Male

Registered: 08/08/97
Posts: 17,306
Loc: NY/MA/VT Borderlands, USA
Re: Private Message are a security risk * 1
    #197751 - 07/31/99 12:03 AM (19 years, 2 months ago)

Hey there. The private messages don't associate an IP address with your board identity, and the "Welcome back Spore Monkey" message uses a cookie on your hard drive to identify you, not a log of your IP address stored on our server. The only information the cookie contains in your username and your password. In fact, the BB sets a similar cookie so that you don't have to enter your name and pass every time you post a message.

I didn't write the code for the private messages hack, but I did go over it line by line, and it's no more of a threat to security than the BB itself. The only information that's stored on our server is the actual text of your private messages. Everything else is kept on your hard drive.

With that said, it's retarded that the hack doesn't work if you have cookies disabled. I didn't notice that because I have them enabled in my browser, but I'll definitely get that fixed right away.

Update: 7/31/99 2:24 pm EST

Alright, I did some heavy work on the scripts, and private messages should now by 100% functional through a proxy or with cookies disabled in your browser. If you notice any incompatibilities, please let me know.

------------------
Ythan
Founder of the Shroomery

[This message has been edited by Ythan (edited July 31, 1999).]



Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Re: Private Message are a security risk
    #197753 - 07/31/99 03:07 PM (19 years, 2 months ago)

Ythan, you're a genius. This is twice in the past week or so I've found some bug in the bb code that you've fixed within a day.

Thanks a million.

Although, if you can, answer me this: Even if all that is explicitly being called for by the script is the cookie, at some point that username and password has to be transmitted to the Shroomery server, which in turn returns the result: [X] new messages. That result data is sent to my current IP, since I wasn't using a proxy, that means a hack could potentially be associating my ID with that IP. Unless I'm missing something, that's the way it operates and that's why I considered it a security risk. Or am I just completely off my rocker?



Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleYthanA
ᕕ( ᐛ )ᕗ
Male

Registered: 08/08/97
Posts: 17,306
Loc: NY/MA/VT Borderlands, USA
Re: Private Message are a security risk
    #197754 - 08/01/99 07:45 PM (19 years, 2 months ago)

Nope, you haven't lost it...your username and password do get transmitted (in plaintext) to our server, and if you're not using a proxy, an enterprising hacker could theoretically associate your username with your IP, and subsequently your identity in real life. Unlikely? I think so. But it could happen.

Hopefully, now that the private messages don't require cookies to function, individuals who access the Shroomery via a proxy can rest easy while still being able to take advantage of all this BB's features. As always, if anyone has any future security concerns, please let me know...I'd like to make this site as safe as possible for all.

------------------
Ythan
Founder of the Shroomery




Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

Amazon Shop: Ranch Dressing

Feedback and Administration >> Website Announcements and Feature Feedback

Similar ThreadsPosterViewsRepliesLast post
* Notification about changes concerning private messages
( 1 2 3 4 all )
AnnoA 7,764 68 02/20/04 06:37 AM
by Anonymous
* New Feature: Secure Private Messages!
( 1 2 3 4 all )
YthanA 12,935 76 05/03/15 03:33 PM
by milonix
* Re: Problem with private message... Anonymous 594 1 09/22/99 11:44 PM
by Ythan
* Re: private messages not working? YthanA 1,380 6 10/13/99 06:04 PM
by Ythan
* Re: Private Messages YthanA 877 4 04/29/00 02:48 AM
by Ythan
* Re: Private Message Problem PanTrop 861 3 12/14/99 09:15 PM
by Submob
* Re: Private message alert? Captain Jack 776 3 01/26/00 09:43 PM
by Captain Jack
* Re: Private Message service buggered ? Psylosymon 927 6 12/02/99 02:16 PM
by Psylosymon

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Ythan, Thor, Seuss, geokills
1,086 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Print Topic ]
Search this thread:
FreeSpores.com
Please support our sponsors.

Copyright 1997-2018 Mind Media. Some rights reserved.

Generated in 0.022 seconds spending 0.005 seconds on 15 queries.