I didn't write the code for the private messages hack, but I did go over it line by line, and it's no more of a threat to security than the BB itself. The only information that's stored on our server is the actual text of your private messages. Everything else is kept on your hard drive.

With that said, it's retarded that the hack doesn't work if you have cookies disabled. I didn't notice that because I have them enabled in my browser, but I'll definitely get that fixed right away.

Update: 7/31/99 2:24 pm EST

Alright, I did some heavy work on the scripts, and private messages should now by 100% functional through a proxy or with cookies disabled in your browser. If you notice any incompatibilities, please let me know.

------------------
Ythan
Founder of the Shroomery

[This message has been edited by Ythan (edited July 31, 1999).]

Thanks a million.

Although, if you can, answer me this: Even if all that is explicitly being called for by the script is the cookie, at some point that username and password has to be transmitted to the Shroomery server, which in turn returns the result: [X] new messages. That result data is sent to my current IP, since I wasn't using a proxy, that means a hack could potentially be associating my ID with that IP. Unless I'm missing something, that's the way it operates and that's why I considered it a security risk. Or am I just completely off my rocker?

Hopefully, now that the private messages don't require cookies to function, individuals who access the Shroomery via a proxy can rest easy while still being able to take advantage of all this BB's features. As always, if anyone has any future security concerns, please let me know...I'd like to make this site as safe as possible for all.

------------------
Ythan
Founder of the Shroomery