Runboard.com
Слава Україні!
Lost? Hover on Bookmarks!
Runboard Extra! The Runboard Directory Runboard Knowledge Base

Welcome to Runboard Support, the place to find help with your Runboard user account or message board.

If you can't find the answer you need with our search feature, ask here, and a member of staff will respond to you personally.

Chat room Runboard Knowledge Base (wiki) Search Facebook Twitter

runboard.com       You are not logged in.

Page:  1  2 

 
Seitan Profile
Live feed
Blog
Friends
Miscellaneous info

Registered user

Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
Reply | Quote
[FIXED] Security bug (forum posts security)


There's a security leak in the forums:
users can view topics of restricted rooms! - if you just viewed information of the user, which is alowed to post in those forums, his posts (even restricted ones) are visible i his profile!

Last edited by Pastor Rick, 8/31/2011, 2:43 pm


---
__________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems(c)">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
7/5/2003, 9:38 am Link to post Email Seitan   PM Seitan
 
RainbowWarriorDan Profile
Live feed
Blog
Friends
Miscellaneous info

Regular poster

Registered: 05-2003
Location: Manchester, UK
Posts: 201
Karma: 0 (+0/-0)
Reply | Quote
Re: Security bug


Can the user see what the post contains or just the title of the topic in the members last post list?

---

7/5/2003, 4:43 pm Link to post Email RainbowWarriorDan   PM RainbowWarriorDan
 
Jag Profile
Live feed
Blog
Friends
Miscellaneous info

A Posting Machine
Runboard user emeritus

Registered: 03-2003
Location: Blueshout
Posts: 2128
Karma: 42 (+72/-30)
Reply | Quote
Re: Security bug


quote:

Seitan wrote:

There's a security leak in the forums:
users can view topics of restricted rooms! - if you just viewed information of the user, which is alowed to post in those forums, his posts (even restricted ones) are visible i his profile!


Do you mean like Thor's post in the mod office? If so you can see the topic title but you can click on it to see that post, you can only see it if you have the access to see it.

---



7/5/2003, 5:04 pm Link to post Email Jag   PM Jag AIM MSN Blog
 
Seitan Profile
Live feed
Blog
Friends
Miscellaneous info

Registered user

Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
Reply | Quote
Re: Security bug


Yep, you can't see the message body, but you can see the topic itself, and it is not a good thing. - restricted rooms means than noone wihout permission can read nay information there...

---
__________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems(c)">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
7/6/2003, 9:22 am Link to post Email Seitan   PM Seitan
 
Rimmer Profile
Live feed
Blog
Friends
Miscellaneous info



Registered: 04-2003
Location: Straylia
Posts: 9750
Karma: 471 (+519/-48)
Reply | Quote
Re: Security bug


It's not a bug - they just need to switch off the 'view last posts' option.
7/6/2003, 9:31 am Link to post   Blog
 
RainbowWarriorDan Profile
Live feed
Blog
Friends
Miscellaneous info

Regular poster

Registered: 05-2003
Location: Manchester, UK
Posts: 201
Karma: 0 (+0/-0)
Reply | Quote
Re: Security bug


Its not the best thing in the world but seeing the topic title is not a serius problem, the title usualy contains little or no information anyway.

---

7/6/2003, 5:39 pm Link to post Email RainbowWarriorDan   PM RainbowWarriorDan
 
Seitan Profile
Live feed
Blog
Friends
Miscellaneous info

Registered user

Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
Reply | Quote
Re: Security bug


quote:

Rimmer wrote:

It's not a bug - they just need to switch off the 'view last posts' option.


Is this option available for the mods, or you need to change forum code itself?

---
__________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems (c) solutions">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
7/7/2003, 10:07 am Link to post Email Seitan   PM Seitan
 
spouzic Profile
Live feed
Blog
Friends
Miscellaneous info

A Posting Machine
Runboard user emeritus

Registered: 04-2003
Location: Hell
Posts: 2803
Karma: 1 (+104/-103)
Reply | Quote
Re: Security bug


not allowing others to view your latest posts is an individual user option available to everyone.
control panel> misc. settings. > the last thing listed should be UNchecked to make last few posts private.

-Christina
7/7/2003, 10:11 am Link to post Email spouzic   PM spouzic AIM MSN Yahoo Blog
 
Seitan Profile
Live feed
Blog
Friends
Miscellaneous info

Registered user

Registered: 06-2003
Location: Lithuania
Posts: 4
Karma: 0 (+0/-0)
Reply | Quote
Re: Security bug


But this will make all latest post invisible!
that's not good... - only the restricted ones must be invisible...

---
__________________________<br>
Best wishes....<br>
Seitan end Yvl<br>
Owner of:<br>
<a href="http://legacysystems.org" title="Legacy Systems (c) solutions">Legacy Systems (c)</a><br>
[Solutions for your Windows system]
7/7/2003, 11:06 am Link to post Email Seitan   PM Seitan
 
Iansgirl Profile
Live feed
Blog
Friends
Miscellaneous info



Registered: 03-2003
Location: Mi Vida Loca
Posts: 1794
Karma: 26 (+41/-15)
Reply | Quote
Re: Security bug


It is just the title not a big deal.

---



7/7/2003, 4:19 pm Link to post PM Iansgirl AIM MSN Yahoo Blog
 


Add a reply

Page:  1  2 



You are not logged in (login)