Why does CodeProject provide insecure login at the top of the page?
If I type the wrong password in the box first time, then it will take me to a https page, which is a good thing.
But since CP already has SSL anyway, I don't see a reason to leave this vulnerability?
|
If you look at the source of the page, the login form submits to an HTTPS target
<script type="text/javascript">
function doSubmit(secure)
{
    if (secure)
        document.subForm.action = "https://www.codeproject.com/script/Membership/LogOn.aspx?rp=%2fMessages%2f4365528%2fRe-CodeProject-insecure-login.aspx"
    else
        document.subForm.action = "https://www.codeproject.com/script/Membership/LogOn.aspx?rp=%2fMessages%2f4365528%2fRe-CodeProject-insecure-login.aspx"
    document.subForm.submit();
    return true;
}
</script>
<a name="SignUp"></a>
<form name="subForm" id="subForm" action="https://www.codeproject.com/script/Membership/LogOn.aspx?rp=%2fMessages%2f4365528%2fRe-CodeProject-insecure-login.aspx" method="post" class="tight">
|
I am aware of that, but it doesn't prevent an MITM attack. Whenever there are input boxes on a page which is not secured, nothing guarantees you that you are not being a victim of a MITM attack.
All form post links could be rewritten to send the data elsewhere. Even worse, the page could be running key-logging JavaScript code, and no one would have a clue that their passwords have been stolen before they even clicked the submit button.
modified 26-Sep-12 11:43am.
|
Hi,
Could it be possible now or in future to reply for any comment through registered email will post in particular discussion?
Say, I got one comment on one article, and when I reply (from email) it should be posted on that comment.
And do we have an RSS feed for QA? It would be nice to have an email reply feature from QA. People can post solutions from email.
Thanks
-Amit Gajjar (MinterProject)
|
If it needs to be in the thread, it should be replied to as a thread. If you think about it, this makes sense - what happens if you email someone and that post appears, but then they reply to you through their email client? At this point, only your post appears - there is no reply to it in the thread chain. Then you reply to that email - pretty soon you have a whole host of information that does not make it into the post.
|
Quote: what happens if you email someone and that post appears,
No, email should not be converted into the post. Only a reply to the post should be submitted on that thread.
Scenario:
1) I got one question through RSS feeds, I reply from an email client and it submits it as a solution (if it is enclosed in a <Solution> element). If it is posted with a <comment> tag then it should be posted as a comment.
2) If I got an email comment on a particular solution, it will definitely be posted as a comment for the reply from the email client.
Does it make sense?
Thanks
-Amit Gajjar (MinterProject)
|
@amitgajjar wrote: Does it make sense?
I see. So, you want replies that go through CP servers to be converted based on an arbitrary set of rules. What do you do with replies that somebody misspells comment, for instance?
|
In this scenario we need to use the Subject as the primary information. The user does not need to modify the subject line, and the CP server will parse it and process it accordingly.
Quote: somebody misspells comment
By default any reply would be converted to a comment. Even that is not required if we restrict people to posting only a single solution for any question, but I don't think it's a good option. Anyway, the answer is that by default a message will be posted as a comment.
As far as the discussion section is concerned, we can use this without any issue, except for the category of the reply (i.e. General, Question, Answer, etc.).
But this will make it easier to reply to more threads than we have ever imagined.
Thanks
-Amit Gajjar (MinterProject)
|
In my opinion, we should just stick with the mechanisms we've got. If someone needs to reply, they really should do it through CP.
|
I agree. When there is no option we have to stick to that. But this is just a suggestion.
Thanks for the discussion
Thanks
-Amit Gajjar (MinterProject)
|
Your interaction with other members is valuable to the whole community, not just you. The discussion/replies could help other developers.
|
Yes, of course. That's why this suggestion is to post the discussion in CP when any contributor replies to the discussion through an email client.
Thanks
-Amit Gajjar (MinterProject)
|
If you want the community to see your discussion, then you should not have the discussion via email.
|
Let me explain,
When you get an email that someone has replied on your article, you can use the reply button to post your message on CodeProject. It will append that message to that discussion in CodeProject.
So, yes, community people can view your discussion as it will be posted via email.
Thanks
-Amit Gajjar (MinterProject)
|
Let me explain...
Just have your discussion via the website and skip the added complexity of the email feature.
My opinion.
|
Right,
This idea came into my head so I just wanted to share it. And there is nothing wrong in discussing new ideas. Am I right?
Thanks
-Amit Gajjar (MinterProject)
|
@amitgajjar wrote: nothing wrong in discussing new ideas. Am I right?
Correct.
However, it is my perception, that Chris and company, only make changes on the site if they feel that it will benefit the masses and not the few.
Your idea, IMHO, is for the few and not the masses.
It's a good idea.
-- Cheers.
|
For some reason I am only seeing a few articles in the different sections, even though I have no filter set. I have also seen the popup issue reported below. I did clear my cache to see if that would work, but it didn't.
Browser: Firefox 15.0.1. Will test with IE9 and Maxthon.
IE9 and Maxthon have the same issue.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
Should be all good now.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Just out of curiosity, what happened? A database error? Or did the problem exist between the chair and the keyboard?
|
Select Top(10) instead of Select...
We consolidated some code and forgot about a default parameter value.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
When I hover over user name there is no popup. I looked at my settings and it has it checked.
|
Same for me. I'm using Chrome 21.0.1180.89 m
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
|
Same. Firefox 15.0.1
EDIT: There seems to be a lot of issues with the site lately. See my post above for another one I found.
modified 12-Sep-12 21:14pm.
|
It is back
Sincerely,
Elina Blank
Life is great!!! Enjoy every moment of it!