Zhann opened this issue on Feb 26, 2005 ยท 18 posts
Zhann posted Sat, 26 February 2005 at 7:56 PM
Because we have alot of new Brycers and maybe some of the regulars don't know, when posting links to threads, gallery images etc., make sure there are no session ids or session keys in your posts.
These little critters, should the wrong person get ahold of them, allow someone to 'become' you. With access to your threads, homepage, gallery, freestuff, etc. And that person can do some nasty damage....
This also applies to IMs and emails.
A gallery image post should look like this;
http://www.renderosity.com/viewed.ez?galleryid=893570
delete anything after the gallery id number if there is anything there. For a forum thread;
http://www.renderosity.com/messages.ez?Form.ShowMessage=2136242
delete anything after the message number if there is anything there.
This is just an FYI, to keep you safe from nasties...=)
Zhann
Bryce Forum Coordinator
Bryce Forum Coordinator....
Vision is the Art of seeing things invisible...
pakled posted Sat, 26 February 2005 at 8:12 PM
hmm..never thought about it..thanks..
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
RodsArt posted Sat, 26 February 2005 at 8:37 PM
Thanks Zhann
___
Ockham's razor- It's that simple
tjohn posted Sat, 26 February 2005 at 9:31 PM
There's a problem with the "&Start=1&Artist=yourname&ByArtist=Yes" part of a URL for a gallery image?
This is not my "second childhood". I'm not finished with the first one yet.
Time flies like an arrow; fruit flies like a banana.
"I'd like to die peacefully in my sleep like my grandfather....not screaming in terror like the passengers on his bus." - Jack Handy
xenic101 posted Sat, 26 February 2005 at 11:19 PM
I dont think that part is the problem tjohn. Although it is redundant. Sometimes session info is included in the url, that session # is you there, not whoever clicks a link including it. It is always safest to edit any url you post.
Zhann posted Sun, 27 February 2005 at 1:10 AM
Just session ids and keys, but there really doesn't need to be anything but the gallery id number for people to go directly to the image. Like xenix101 says, it always a good idea to edit your links before posting them.
Bryce Forum Coordinator....
Vision is the Art of seeing things invisible...
chohole posted Sun, 27 February 2005 at 2:58 AM
Ah that explains something that happened once when I sent my Daughter-out-law a link to a thread and when she logged in it was my ID and she could have read my IM's etc. We were puzzled why it happened, but thought that maybe it was because when I was over there I was using her PC to browse the forum, and she had somehow inadvertently logged in on my ID. Now we know...thanks for the info.
The greatest part of wisdom is learning to develop the ineffable genius of extracting the "neither here nor there" out of any situation...."
tjohn posted Sun, 27 February 2005 at 3:57 AM
Got it.
This is not my "second childhood". I'm not finished with the first one yet.
Time flies like an arrow; fruit flies like a banana.
"I'd like to die peacefully in my sleep like my grandfather....not screaming in terror like the passengers on his bus." - Jack Handy
TheBryster posted Sun, 27 February 2005 at 5:54 AM
LOL!! That happened with Ang and me! We actually became each other.....!
Available on Amazon for the Kindle E-Reader
All the Woes of a World by Jonathan Icknield aka The Bryster
And in my final hours - I would cling rather to the tattooed hand of kindness - than the unblemished hand of hate...
Ang25 posted Sun, 27 February 2005 at 6:33 AM
That was scarey Bryster, LOL.
FranOnTheEdge posted Sun, 27 February 2005 at 10:46 AM
Thanks, Zhann. It's nice to gradually learn these things, maybe someday then, I won't be completely computer illiterate - and hopefully - safer. Ang and TheBryster, swopping personalities... yuk! That's not just scary, it's, it's... icky! (big shudder) (g) Fran
Measure
your mind's height
by the shade it casts.
Robert Browning (Paracelsus)
pakled posted Sun, 27 February 2005 at 11:22 AM
hmm..if only my IM's were worth filching..;)
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
MoonGoat posted Sun, 27 February 2005 at 12:58 PM
Zhann, keeping Renderosity safe from black-hat wombats ... Thanks for the info Zhann!
Nevanna posted Mon, 28 February 2005 at 12:17 PM
Why is the session information stored in the URL anyway, instead of in a session object behind the scenes? Nevanna
MoonGoat posted Mon, 28 February 2005 at 6:12 PM
Because it would be too expensive for Bondware to fix.
Nevanna posted Tue, 01 March 2005 at 12:30 PM
It never should have been built that way in the first place....bad code design.
zescanner posted Tue, 01 March 2005 at 1:28 PM
Okay, I have a question relating to this. If I log myself out of Renderosity and leave the site and then come back in later but don't log in but stay noted as a "guest" then I can browse the galleries and the like. However, I sent myself an email with a link to a gallery image according to the specs you describe here (example: http://www.renderosity.com/viewed.ez?galleryid=819077 ) and when I click on that link it brings me to Renderosity but it asks me to log in. What's up with that? How can I send links of my images to friends if they are going to have to log-in when the click on the link? Why can't they just see the image? -Jeff
electric posted Wed, 02 March 2005 at 7:46 PM
thanks zhann