Comments on: NOTICE TO MODERATORS https://habitablezone.com/2012/05/21/notice-to-moderators/ Fri, 03 Apr 2026 22:41:18 -0700 hourly 1 http://wordpress.org/?v=3.3.1 By: bowser https://habitablezone.com/2012/05/21/notice-to-moderators/#comment-15255 bowser Wed, 23 May 2012 01:32:35 +0000 http://habitablezone.com/?p=15345#comment-15255 Sometimes you have to screw with it a while. :-) Sometimes you have to screw with it a while. :-)

]]> By: Robert https://habitablezone.com/2012/05/21/notice-to-moderators/#comment-15252 Robert Wed, 23 May 2012 00:28:56 +0000 http://habitablezone.com/?p=15345#comment-15252 I moved your post to Community so I wouldn't have to talk in public about the fact that you found a rather serious hole in the Zone's security. I read your clarification this morning, reproduced it and discovered a design flaw in security, and I've spend the rest of the day fixing it. I'd welcome it if you'd like to verify my claim to have fixed it. The hole consisted of fooling the site into thinking it's displaying an unrestricted page, i.e. anything other than Community, while displaying a post that should have been restricted; i.e. one from Community. The software formerly responded to appending the code for a board other than Community on to the URL, such as "prosc_ttid=7". If you display a Community post (right-click the title and launch in a new tab or window) while logged-in, that should work fine. Log out, and the post should be inaccessible. Append "?prosc_ttid=7" to the URL in the address bar, and try again. The page should lift its skirts just a little bit, coyly showing posts in Recent Posts that are public and OK to see...but no Community posts there, or in the center. So I hope, anyway. Thanks again for your help, Johannes. I moved your post to Community so I wouldn’t have to talk in public about the fact that you found a rather serious hole in the Zone’s security. I read your clarification this morning, reproduced it and discovered a design flaw in security, and I’ve spend the rest of the day fixing it.

I’d welcome it if you’d like to verify my claim to have fixed it. The hole consisted of fooling the site into thinking it’s displaying an unrestricted page, i.e. anything other than Community, while displaying a post that should have been restricted; i.e. one from Community.

The software formerly responded to appending the code for a board other than Community on to the URL, such as “prosc_ttid=7″. If you display a Community post (right-click the title and launch in a new tab or window) while logged-in, that should work fine. Log out, and the post should be inaccessible. Append “?prosc_ttid=7″ to the URL in the address bar, and try again. The page should lift its skirts just a little bit, coyly showing posts in Recent Posts that are public and OK to see…but no Community posts there, or in the center.

So I hope, anyway.

Thanks again for your help, Johannes.

]]> By: johannes https://habitablezone.com/2012/05/21/notice-to-moderators/#comment-15226 johannes Tue, 22 May 2012 02:49:15 +0000 http://habitablezone.com/?p=15345#comment-15226 It seems to work in the described manner only if I go to the site from the side bar but not from the top bar. In other words, if I open a site such as flame or some other board from the side bar, then go to the community board through the side bar, that is when the words “flame” or whatever board still remain on my screen, but at the same time it lets me in the community board. At least to read the post. did you design it that way? Seems to be consistent. It seems to work in the described manner only if I go to the site from the side bar but not from the top bar.
In other words, if I open a site such as flame or some other board from the side bar, then go to the community board through the side bar, that is when the words “flame” or whatever board still remain on my screen, but at the same time it lets me in the community board. At least to read the post. did you design it that way?
Seems to be consistent.

]]> By: Robert https://habitablezone.com/2012/05/21/notice-to-moderators/#comment-15214 Robert Mon, 21 May 2012 22:16:13 +0000 http://habitablezone.com/?p=15345#comment-15214 Did as you described, but Community showed the access-denied message. Does this happen to you consistently, Johannes? If so, can I get some more info, like whether you have cookies and JavaScript enabled. The Zone doesn't place any kind of permanent tracking cookies, but it does need a transient session cookie to consistently recognize you. Did as you described, but Community showed the access-denied message.

Does this happen to you consistently, Johannes? If so, can I get some more info, like whether you have cookies and JavaScript enabled. The Zone doesn’t place any kind of permanent tracking cookies, but it does need a transient session cookie to consistently recognize you.

]]>