|
any chance you can move the abuse and/or delete links to the top before the message? This way such assholes such as Byle can delete their messages if they truly are testing it. Also, CP admins could then delete it without resorting to the database.
"Marge, don't discourage the boy! Weasling out of things is important to learn. It's what separates us from the animals! Except the weasel." - Homer Simpson
Web - Blog - RSS - Math - LinkedIn - BM
|
|
|
|
|
Bassam Abdul-Baki wrote: assholes such as Byle
Nice new nickname for Kyle...
Some people have a memory and an attention span, you should try them out one day. - Jeremy Falcon
|
|
|
|
|
When byle hacked the lounge, I clicked on some of the links in the summary window (forgot the name) in the top right corner. None of the ones that came after his message came through. Does CP parse all messages per forum from top to bottom to get to the one we need?
"Marge, don't discourage the boy! Weasling out of things is important to learn. It's what separates us from the animals! Except the weasel." - Homer Simpson
Web - Blog - RSS - Math - LinkedIn - BM
|
|
|
|
|
Yes, it does. You mcan either use normal view which will eliminate the problem outright, or you can modify the next/prev links to skip over the dud messages. The last parameter is the starting message:
ttp://www.codeproject.com/script/comments/forums.asp?forumid={forum_id}&df=100&mpp=50&fr={start_from}
|
|
|
|
|
I see. That's okay, I prefer the Message View so I can see all replies. Makes it easier to browse especially with CPhog enabled.
"Marge, don't discourage the boy! Weasling out of things is important to learn. It's what separates us from the animals! Except the weasel." - Homer Simpson
Web - Blog - RSS - Math - LinkedIn - BM
|
|
|
|
|
Nuisance alert in the Lounge. The wanna-be hacker's back.
"Marge, don't discourage the boy! Weasling out of things is important to learn. It's what separates us from the animals! Except the weasel." - Homer Simpson
Web - Blog - RSS - Math - LinkedIn - BM
|
|
|
|
|
Seems that he will never go away. I suggest ban all hhis IP Addresses. He has remanifested himself.
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -Brian Kernighan
|
|
|
|
|
I am unable to modify posts, any post I have made. Trying to do so errors with the following message
The Page: : /script/comments/admin_modify.asp
The Time: : Tuesday, December 26, 2006, 7:00:00 AM
The Server: : Web08
The Error No. : 0x800A01C2. Remember this number. There will be a test.
The Category : Microsoft VBScript runtime
Someone else in the VC++ board had the same issue.
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|
|
Same problem here in the Lounge. I ended up replying to my own post.
Cheers,
Vikram.
"Life isn't fair, and the world is full of unscrupulous characters. There are things worth fighting for, killing for and dying for, but it's a really small list. Chalk it up to experience, let it go, and move on to the next positive experience in your life." - Christopher Duncan.
|
|
|
|
|
Sorry - was all a bit of a mess. All fixed.
Yeah, Merry Christmas everyone...
cheers,
Chris Maunder
CodeProject.com : C++ MVP
|
|
|
|
|
Chris Maunder wrote: All fixed
Thanks Chris,
I'd love to help, but unfortunatley I have prior commitments monitoring the length of my grass. :Andrew Bleakley:
|
|
|
|
|
How about CP becoming an OpenID consumer?
|
|
|
|
|
Kaizer Soze wrote: OpenID consumer?
What is that?
"I'd like to help but I don't feel like Googling it for you."
|
|
|
|
|
|
Dear sirs,
A few hours ago someone with url 213.238.151.77 illegally requested my userid/password using a valid email address. This request was honored bij a PLAIN text email stating my userid, my email address and my password.
Is it possible fo you to protect my privacy by using encryption?
Thank you,
Hans Reijers
(hans.reijers @ planet.nl)
|
|
|
|
|
|
I think hes talking about if you request a lost password from CP, it sends an email with your password. And he wants the passwords to be md5'd or something.
|
|
|
|
|
Sam2006 and administration,
Yes, that's right. Anyone who knows your email address can request for your userid and password at Codeproject.com
There is no check if this is a valid request. The password itself is sent in PLAIN text.
There is no way a user can prevent abuse this way. It needs a change in forum policy.
Maybe the same protocol as used for registering (user MUST reply to an encoded message) can be used for sending a ONETIME new replacement password.
Thanks,
Hans Reijers.
|
|
|
|
|
What possible use would that be? The whole purpose of the request is to give you your password, if it is encoded then it won't be of any use to you. If someone requests your password and has access to your e-mail account, then they will be able to get your password regardless of whether it is sent as plain text or requires an extra confirmation. Even if it sends a onetime password it will still go to your e-mail account.
The current approach is perfectly adequate to protect your privacy. CodeProject.com cannot be held responsible if your own computer systems and accounts are comprimised.
|
|
|
|
|
Hi Sam,
My bad - I thought it was a generic statement - not CP in specific.
Jeff
|
|
|
|
|
The only person who will receive that email is you.
cheers,
Chris Maunder
CodeProject.com : C++ MVP
|
|
|
|
|
Not always. Maybe the user receives it through a mail server that has been compromised, what if that password is also their password to something else, say maybe access to a server or something like that. Also what if the user opens the email and a colleague comes in and sees it. I know you are not responsible for anything that goes wrong, but it would be nice if you did implemented this for your users sake.
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
It's good practices to have different passwords for all your stuff. I don't really think that sending passwords in another form will at all help from a security side. If the mail gets compromised then it is just tough luck. Any one who know how email servers work will know how to spoof the reply & sending address when activating a reply based password recovery.
Artificial Intelligence is no match for Natural Stupidity
No one can understand the truth until he drinks of coffee's frothy goodness. ~Sheik Abd-al-Kadir
I can't always be wrong ... or can I?
|
|
|
|
|
Yes but not everyone follows those regulations. I personally have different password for every work thing and then I have 3 passwords for my personal stuff. Actually it would be interesting to see everyones old passwords.
Here are my last 3 personal ones:
vroctery
gernnerk
sylio654
Brad
Australian
-CAUTION-
The previous statement may contain traces of PHP, and by reading this statement you negate the right to vote me down.
|
|
|
|
|
2 of my old ones were
#.File_and_Internet...Server1.# <-- nice and easy to remember
this20103533270882pass <-- yes i did remember it!
Artificial Intelligence is no match for Natural Stupidity
No one can understand the truth until he drinks of coffee's frothy goodness. ~Sheik Abd-al-Kadir
I can't always be wrong ... or can I?
|
|
|
|