Possible Security Loophole! Dev Staff Please Read

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Locked
GAMER4EVER
Registered User
Posts: 6
Joined: Mon Mar 27, 2006 7:24 pm

Possible Security Loophole! Dev Staff Please Read

Post by GAMER4EVER »

Post deleted by author
Last edited by GAMER4EVER on Thu Mar 01, 2007 6:19 pm, edited 1 time in total.

User avatar
Ron2K
Registered User
Posts: 89
Joined: Wed Jul 09, 2003 6:00 pm
Location: Cape Town, South Africa

Re: Possible Security Loophole! Dev Staff Please Read

Post by Ron2K »

Here's a quick two-step guide to getting attention from the devs:
  1. Delete your post, for obvious reasons.
  2. Post on the security tracker.
Life's a game. Just very badly programmed.

User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Possible Security Loophole! Dev Staff Please Read

Post by Highway of Life »

Here are some links...
Note you could probably post this in the Bug Tracker since it's not a coding security issue, of course, if in doubt about security, it's better to post in the security tracker.

For everyone: IF you believe you have found a Security Hole.
DO NOT post it in a public place.
Post it in the Security Tracker
Image

User avatar
Kellanved
Former Team Member
Posts: 407
Joined: Sun Jul 30, 2006 4:59 pm
Location: Berlin

Re: Possible Security Loophole! Dev Staff Please Read

Post by Kellanved »

Highway of Life is correct: this is not really a security issue. Passworded forums are more a gag than a security feature.

Moreover, you will notice that you are not actually able to read those topics without entering the password. Permissions are the tool to stop users from seeing topics.
No support via PM.
Trust me, I'm a doctor.

User avatar
dhn
Registered User
Posts: 1518
Joined: Wed Jul 04, 2001 8:10 am
Location: Around the corner
Contact:

Re: Possible Security Loophole! Dev Staff Please Read

Post by dhn »

As per kellanved, this is not a bug. The forum has the Active Topics feature turned on. If you don't want the topics to show, just turn the feature off on that forum (it is off by default anyway).

User avatar
Lastof
Registered User
Posts: 518
Joined: Wed Mar 17, 2004 8:10 pm
Location: Two weeks last wednesday

Re: Possible Security Loophole! Dev Staff Please Read

Post by Lastof »

This is something that should be pointed out in the docs (if it isn't already) , since it is inconsistent with some of the other features. Topics from passworded forums do not show up in the search unless you have already entered the password, but they do in the active topics. That is likely to confuse some users.
Last edited by Lastof on 04 May 2008, 00:00, edited -1 times in total
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
Image

APTX
Registered User
Posts: 680
Joined: Thu Apr 24, 2003 12:07 pm

Re: Possible Security Loophole! Dev Staff Please Read

Post by APTX »

I'd feel really bad if the topic that matches my search query best would need a password I don't have.
Don't give me my freedom out of pity!

User avatar
jojobarjo32
Registered User
Posts: 164
Joined: Wed Jun 22, 2005 7:38 pm
Location: France

Re: Possible Security Loophole! Dev Staff Please Read

Post by jojobarjo32 »

Fortunately, this is a feature which won't be used too much :) (at least I hope... Permissions are far more powerful)

User avatar
Acyd Burn
Posts: 1838
Joined: Tue Oct 08, 2002 5:18 pm
Location: Behind You
Contact:

Re: Possible Security Loophole! Dev Staff Please Read

Post by Acyd Burn »

I am closing this with my statement that i exactly feel like the original poster. ;) All over the forum permissions are applied to the level of actually not only reading the topics contents but also the title, therefore it is only consistent to not show passworded forum topics if the user has not entered the password.

Image

Locked