New engine with already flawed system...
FinFarenath's Diary

Tuesday, July 1. 2008 10:21
Yesterday evening I found out that the just-installed engine for my diary had a "nice" security bug. When comments are posted to entries that are not visible to everyone (except for known users), the comments are exposed to everyone in the RSS feeds for comments.

This bug, however, does not occur for the entries themselves. If you read the RSS feed for the entries, you will see only those that are valid for your user level. But with comments, everyone sees everything.

Downside, this is not easily fixable - but the upside... I simply deactivated the feature of comment RSS in general. It now only shows the headlines and title for the entry in the feed, thus not exposing commented text to everyone anymore.
Posted by FinFarenath 2 Comments
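
The gap described in this entry, as an added example that is not the diary engine's code: the entry feed checks the reader's user level, while the comment feed never consults the parent entry. All names, levels and sample data are constructed; `comment_feed_titles_only` models the workaround of dropping comment text, and `comment_feed_checked` shows the check the comment feed was missing.

```python
from dataclasses import dataclass

# Hypothetical user levels; the real engine's level names are not on the page.
PUBLIC, KNOWN_USER = 0, 1

@dataclass
class Entry:
    id: int
    title: str
    min_level: int  # lowest user level allowed to read the entry

@dataclass
class Comment:
    entry_id: int
    author: str
    body: str

# Constructed sample data: one public entry, one restricted entry.
ENTRIES = {
    1: Entry(1, "Public post", PUBLIC),
    2: Entry(2, "Friends-only post", KNOWN_USER),
}
COMMENTS = [
    Comment(1, "alice", "Nice picture!"),
    Comment(2, "bob", "Private reply"),
]

def entry_feed(viewer_level):
    """Entry feed: filtered by the viewer's level, as the post describes."""
    return [e.title for e in ENTRIES.values() if e.min_level <= viewer_level]

def comment_feed_flawed(viewer_level):
    """The bug: comments are emitted without checking the parent entry."""
    return [(ENTRIES[c.entry_id].title, c.body) for c in COMMENTS]

def comment_feed_titles_only(viewer_level):
    """The workaround: comment text is dropped, headlines remain."""
    return [(ENTRIES[c.entry_id].title, None) for c in COMMENTS]

def comment_feed_checked(viewer_level):
    """Fix at the source: a comment inherits its entry's visibility."""
    return [(ENTRIES[c.entry_id].title, c.body) for c in COMMENTS
            if ENTRIES[c.entry_id].min_level <= viewer_level]
```

In this model the titles-only feed still lists the restricted entry's headline to every reader, so only the checked version keeps restricted entries out of the comment feed entirely.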


Comments

Hm, I can still see some comments from private posts. Bad script thingey ^.^
#1 Tillikum on 2008-07-01 15:32
Well, you should only be able to see the headlines of comments, not the comments themselves. Do you?
#1.1 FinFarenath on 2008-07-01 15:54

All content is copyright © 1989-2007 by FinFarenath. All material on this website is the property of the author. Any copying or quoting from this text is forbidden and requires a written permission of the author. The legal disclaimer applies for all the pages found under this domain. Ideas, requests, problems regarding FinFarenath's dragons lair - send feedback. This site was created at DATE.