Possible Security Loophole! Dev Staff Please Read
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
-
- Registered User
- Posts: 6
- Joined: Mon Mar 27, 2006 7:24 pm
Possible Security Loophole! Dev Staff Please Read
Post deleted by author
Last edited by GAMER4EVER on Thu Mar 01, 2007 6:19 pm, edited 1 time in total.
Re: Possible Security Loophole! Dev Staff Please Read
Here's a quick two-step guide to getting attention from the devs:
- Delete your post, for obvious reasons.
- Post on the security tracker.
Life's a game. Just very badly programmed.
- Highway of Life
- Registered User
- Posts: 1399
- Joined: Tue Feb 08, 2005 10:18 pm
- Location: I'd love to change the World, but they won't give me the Source Code
- Contact:
Re: Possible Security Loophole! Dev Staff Please Read
Here are some links...
Note you could probably post this in the Bug Tracker since it's not a coding security issue, of course, if in doubt about security, it's better to post in the security tracker.
For everyone: IF you believe you have found a Security Hole.
DO NOT post it in a public place.
Post it in the Security Tracker
Note you could probably post this in the Bug Tracker since it's not a coding security issue, of course, if in doubt about security, it's better to post in the security tracker.
For everyone: IF you believe you have found a Security Hole.
DO NOT post it in a public place.
Post it in the Security Tracker
Re: Possible Security Loophole! Dev Staff Please Read
Highway of Life is correct: this is not really a security issue. Passworded forums are more a gag than a security feature.
Moreover, you will notice that you are not actually able to read those topics without entering the password. Permissions are the tool to stop users from seeing topics.
Moreover, you will notice that you are not actually able to read those topics without entering the password. Permissions are the tool to stop users from seeing topics.
No support via PM.
Trust me, I'm a doctor.
Trust me, I'm a doctor.
- dhn
- Registered User
- Posts: 1518
- Joined: Wed Jul 04, 2001 8:10 am
- Location: Around the corner
- Contact:
Re: Possible Security Loophole! Dev Staff Please Read
As per kellanved, this is not a bug. The forum has the Active Topics feature turned on. If you don't want the topics to show, just turn the feature off on that forum (it is off by default anyway).
- Lastof
- Registered User
- Posts: 518
- Joined: Wed Mar 17, 2004 8:10 pm
- Location: Two weeks last wednesday
Re: Possible Security Loophole! Dev Staff Please Read
This is something that should be pointed out in the docs (if it isn't already) , since it is inconsistent with some of the other features. Topics from passworded forums do not show up in the search unless you have already entered the password, but they do in the active topics. That is likely to confuse some users.
Last edited by Lastof on 04 May 2008, 00:00, edited -1 times in total
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
Re: Possible Security Loophole! Dev Staff Please Read
I'd feel really bad if the topic that matches my search query best would need a password I don't have.
Don't give me my freedom out of pity!
- jojobarjo32
- Registered User
- Posts: 164
- Joined: Wed Jun 22, 2005 7:38 pm
- Location: France
Re: Possible Security Loophole! Dev Staff Please Read
Fortunately, this is a feature which won't be used too much (at least I hope... Permissions are far more powerful)
Re: Possible Security Loophole! Dev Staff Please Read
I am closing this with my statement that i exactly feel like the original poster. All over the forum permissions are applied to the level of actually not only reading the topics contents but also the title, therefore it is only consistent to not show passworded forum topics if the user has not entered the password.