Renderosity Forums / Community Center






Subject: Account mess up! Security breach and/or a warning.


TrekkieGrrrl ( ) posted Sat, 20 November 2004 at 6:14 AM · edited Thu, 12 December 2024 at 10:03 PM

OK, so ziggie sent me a link to one of his pictures, on MSN. And when I clicked it, I became him. Well that has happened before, because the link includes the sess.ID and stuff, so we're normally aware of that. The REALLY weird thing happened when I logged out and in again as myself. All of a sudden, ziggie was ME. And I DID NOT send him ANY link or anything. He could see my IM's and stuff (I asked to make SURE he was really me) - and I just don't get it. HOW COULD THAT HAPPEN? Now I consider ziggie a friend so I know he wouldn't abuse the situation, but if it can happen with him, it can happen with others too. So will someone please look into it and explain HOW it could happen?! I DON'T like this at all!

FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



deemarie ( ) posted Sat, 20 November 2004 at 6:17 AM

Hi ernyoka Thanks so much for bringing this to our attention. Hopefully Tommy can help with a solution! Dee-Marie


elizabyte ( ) posted Sat, 20 November 2004 at 6:24 AM

It's because the site uses persistent cookies for the session. If someone sends a link with their session ID in it, you log in and you're them. The solution is for the person to be very sure they don't have their session ID included in the link, but also if they log out, you won't be able to log in as them. Personally, I think this is really sloppy coding, and I know for sure that there are better ways to handle sessions and cookies, but I'll let other people argue about it. I mostly wanted to pass on the information about how to work around it. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
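An added example, not part of the original thread and not Renderosity's code: a toy session table showing how a session ID accepted from a link, combined with a login that reuses the existing ID, would produce both swaps reported above, next to a hardened variant that ignores IDs in URLs and issues a fresh ID at login. The site's real implementation is not shown on this page; `SessionStore`, `replay_thread` and the user names are hypothetical.

```python
import secrets

# Constructed model; class, function and user names are hypothetical.
class SessionStore:
    """Toy server-side session table: session ID -> logged-in username."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def request(self, cookie_sid, url_sid=None):
        """Return the session ID the browser holds after following a link."""
        if url_sid and not self.hardened:
            return url_sid          # weak: ID from the link replaces the cookie
        return cookie_sid           # hardened: IDs in URLs are ignored

    def login(self, current_sid, user):
        """Authenticate `user`; return the session ID the browser keeps."""
        if self.hardened or current_sid is None:
            self.sessions.pop(current_sid, None)      # drop any pre-login ID
            current_sid = secrets.token_urlsafe(32)   # fresh ID for this login
        self.sessions[current_sid] = user  # weak path rebinds the shared ID
        return current_sid

    def logout(self, sid):
        """Hardened: destroy the session. Weak: only clear the user."""
        if self.hardened:
            self.sessions.pop(sid, None)
            return None
        self.sessions[sid] = None
        return sid                  # weak: the browser keeps the same ID

    def whoami(self, sid):
        return self.sessions.get(sid)


def replay_thread(hardened):
    """Replay the reported sequence; return who each browser ends up as."""
    site = SessionStore(hardened)
    a_sid = site.login(None, "user_a")           # A logs in
    b_sid = site.login(None, "user_b")           # B logs in
    b_sid = site.request(b_sid, url_sid=a_sid)   # B follows A's link with A's ID
    after_click = site.whoami(b_sid)
    b_sid = site.logout(b_sid)                   # B logs out ...
    b_sid = site.login(b_sid, "user_b")          # ... and back in as herself
    return after_click, site.whoami(a_sid), site.whoami(b_sid)
```

In the weak configuration the second login rebinds the shared ID, so A's browser, which never followed any link, is now logged in as B.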


TrekkieGrrrl ( ) posted Sat, 20 November 2004 at 6:29 AM

Just to prove ernyoka1's point... this is me... Ziggie... while I have been switched to her identity again. I have full access to everything that ernyoka has on this site. Let's have a peek in accounting.... mmmm..... You made HOW MUCH... Holy Cow... Batman....! I wouldn't do that... but someone else might. the Real ziggie




ziggie ( ) posted Sat, 20 November 2004 at 6:34 AM

And to once again prove the point, now this is me, ernyoka1. And looking at ziggie's account... PUNY :oP And as ziggie said (while impersonating me) - WE wouldn't do it to each other, but someone else might. For the record, since I guess you log it, my IP is 62.107.40.24 ~The One and Only ernyoka1

"You don't have to be mad to use Poser... but it helps"


TrekkieGrrrl ( ) posted Sat, 20 November 2004 at 6:42 AM

Elizabyte. It's not the whole explanation though. Because I NEVER sent ziggie any links. I can fully understand how I can become HIM (just send a link including the sess.id and sess.key and voila) but as I NEVER sent HIM anything, it really worries me. And I just encountered another oddity. I logged out (since I was ziggie) and logged in - as my self, with my own username AND password. Yet when the login was completed, I was STILL ZIGGIE! But now I'm myself again. And my IP is still 62.107.40.24. ~The One and Only ernyoka1




deemarie ( ) posted Sat, 20 November 2004 at 7:41 AM

Just a sidenote: Tommy will may be online until Monday - But I am certain that he will address this issue asap :) Thanks for your patience. Dee-Marie


elizabyte ( ) posted Sat, 20 November 2004 at 8:51 AM

"And I just encountered another oddity. I logged out (since I was ziggie) and logged in - as my self, with my own username AND password. Yet when the login was completed, I was STILL ZIGGIE!"

Oh, that IS weird. Hmm. Once this happened to me with someone else (a friend, thankfully). She was me, I was her, it was just weird. No idea what caused it, other than something bizarre with the cookies and so forth. I logged out and then logged back in and so did she, and it never happened again. bonni



deemarie ( ) posted Sat, 20 November 2004 at 9:19 AM

Hey Bonni Can you please do the following
1. Logout of Rosity
2. go into your browser and remove all your Rosity cookies. [you might need to clean out your history as well]
3. Close out your browser
4. Reopen your browser
5. log into Rosity

Hopefully that will solve the problem. Dee-Marie


striving ( ) posted Sat, 20 November 2004 at 1:44 PM

LOL, the exact same thing happened to me and a friend of mine last Wed night. We both just signed out and back in as our names.. but that was like a Twilight Zone moment.


Ardiva ( ) posted Sat, 20 November 2004 at 5:50 PM

But people...did you delete your own cookies before you logged back in??



TrekkieGrrrl ( ) posted Sat, 20 November 2004 at 6:01 PM · edited Sat, 20 November 2004 at 6:01 PM

I didn't delete any cookies. But that STILL does NOT explain how I can get a cookie that was meant for ziggie either. Again, I can understand how the opposite can happen since he sent me a link that contained his sess.id and stuff. But NOT the other way around!

Message edited on: 11/20/2004 18:01




elizabyte ( ) posted Sat, 20 November 2004 at 11:30 PM

Dee, I'm not having a problem now. :-) I did once a while ago, but it never repeated. I believe that was because of a poorly formed link that had the session ID in it. As mentioned, the logging out then fixed it. bonni



Questor ( ) posted Sun, 21 November 2004 at 9:06 AM

Heh, I tried to tell them that their damn session ID and wotnot was causing seriously screwed up problems some months ago. I got fobbed off with "we're looking into it"... and guess what? Nothing was done, nobody ever came back with anything more than the "we're looking into it". And now another predictable problem shows how it's messed up - seriously messed up. It would have been better if the response had been more honest: "thank you for pointing this out, but we don't give a damn".


TrekkieGrrrl ( ) posted Sun, 21 November 2004 at 11:16 AM

Actually, ziggie and I had this happening to us about a year ago as well. And we pointed it out back then too. Was just told not to send links with sess.id's in. And that's fine and dandy. But it DOES NOT explain how HE could become ME! And...

I DON'T LIKE IT!




ziggie ( ) posted Sun, 21 November 2004 at 12:58 PM

NEITHER DO I EITHER..!

I don't want to experience PMT... thank you very much.



TrekkieGrrrl ( ) posted Sun, 21 November 2004 at 2:13 PM

PMT? I know PMS and MPD (which this may be a cause of) but WTF is PMT?! =o) And DON'T SHOUT! I'm the only one allowed to SHOUT here!




Natolii ( ) posted Sun, 21 November 2004 at 2:28 PM · edited Sun, 21 November 2004 at 2:30 PM

I just PM'd Dee...

This is a serious security hole that needs to get patched up ASAP. Another instance occurred in the Copyright Forum today. It's a little more widespread than having to delete cookies if multiple members are having the SAME EXACT issue. I have a degree in computers in business applications and one of my required courses was Information Security.

Message edited on: 11/21/2004 14:30


aazaricantharess ( ) posted Sun, 21 November 2004 at 2:34 PM

Had this happen to myself and another as well. Even after I tried to log out and then back in, it just brought me back into the system as her. And she had my ID. I had to log out TWICE to get it to bring my account back to me. I didn't delete any cookies and my machine is set to not store them, so I'm not entirely sure it's a cookie problem. Aazari The Art of Jolie E. Bonnette http://www.aazari.com/art/ Art Protection League http://www.artprotectionleague.org/


deemarie ( ) posted Sun, 21 November 2004 at 4:13 PM

Hi Everyone - 1st off, we do care :) This ID switching can affect all members [and yes, Mods, Coords, and Admins are members first, team members second] - So, we do care, honest - it is a problem that could cause havoc to anyone's account if they are not careful when sharing links. I personally do not have the answers to your questions, nor the solutions to solve the problem. However, I promise to do my best to bring this matter to the attention of the programmers - who will be in first thing Monday morning Rosity time. I truly realize the importance of this matter and I promise that the programmers will address this ASAP. Thanks so much for your patience and understanding. Sincerely Dee-Marie


Questor ( ) posted Sun, 21 November 2004 at 7:16 PM

Yep, that's about what was said last time too, and the time before that, and... Ahhh, whatever.


tim ( ) posted Mon, 22 November 2004 at 11:35 AM
Site Admin

Guys, Thanks for the heads up. We've made some code changes that should address this problem going forward. Please let us know if you encounter this type of issue again. TC


deemarie ( ) posted Mon, 22 November 2004 at 1:17 PM

Thanks sOOOo much Tim :) Dee-Marie


Sasha_Maurice ( ) posted Mon, 22 November 2004 at 4:40 PM


Armorbeast ( ) posted Tue, 23 November 2004 at 4:02 AM

Well I don't understand but can say this, on DAZ I followed a link that logged me in as the sender, I logged out and then after logging in several times I went back to DAZ and again found myself logged in as this other person. I complained there and here and was told over and over that it couldn't have happened for this reason and that... the saving grace at DAZ is that you have to re-enter your password to get into the secure areas but I found that if you keep hitting the button to access those that it eventually lets you through without a password. So here's the deal... don't store credit card numbers or any sensitive info on the site as it's not secure here or at DAZ. Besides guys, if you have a credit card why do you need to save it on the site? I mean, you have the card right... why leave that info on site? So my suggestion to Rosity is for security reasons, remove that option and require only the basic info members need to have to access the purchase area... let them do the rest themselves.

If the end goal of learning is genius...why are most geniuses failures at learning?


Ardiva ( ) posted Tue, 23 November 2004 at 8:57 AM

As far as I know, RO doesn't store CC info. One has to keep entering it when one buys each time. The only one that stores CC info that I know of is DAZ.



Armorbeast ( ) posted Tue, 23 November 2004 at 9:04 AM

I stand corrected lol... then it's DAZ that needs to change that particular policy (glad you said it and not me though, remember... DAZ is perfect... repeat after me... Daz is perfect roflimao).



ClintH ( ) posted Tue, 23 November 2004 at 9:07 AM

That is 100% correct. Renderosity does not store your credit card information. Clint

Clint Hawkins
MarketPlace Manager/Copyright Agent



All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))



ArtyMotion ( ) posted Tue, 23 November 2004 at 6:52 PM

You might want to remove the IP addresses from the previous posts, just for safety!

