Password appears in the location field


  • Password appears in the location field

    It happens only when logging in directly in the Private Messages Inbox before posting or doing anything else.

    I didn't use to do this, but once did and was quite surprised to discover this. So I made a few experiments, and apparently the cookie remembers the session if you posted, so the password does not appear.

    But it does appear in simple text if you haven't logged in before.

    http://www.apolyton.net/cgi-bin/ubb/privateview.cgi?user=Sirotnikov&pass=my_actual_password

    This could show the password to people around you, and if you're meeting someone aware of these forums in your house or an internet café, your password could be revealed.

    So could you pretty please change the form method of the private messages login page to POST instead of GET?

  • #2
    hey I tried getting into your account with the password: my_actual_password and it didn't work

    this has been known, but I guess they don't care. they never fixed it. but it doesn't do it for me.



    • #3
      we are aware of the issue since we added the feature. fixing it would require a total rewrite of the functions and it's not on the top of our priorities. if you don't feel safe, don't use it...

      btw, it's not just the login page (which i changed to post), but it's also the reply buttons, etc....



      • #4
        Quote (originally posted by Sirotnikov on 04-12-2001 12:44 PM):

            Oh, and dissident, did you really expect me to write REW67sd5X is my password?

        I tried that. No results.

        "Beware of he who would deny you access to information, for in his heart he dreams himself your master" - Commissioner Pravin Lal.



        • #5
          Well I met this problem mostly in Netscape. Explorer seems to remember my identity. I just wanted to make sure people are aware of this small glitch.

          Thanks for the fast reply.

          Oh, and dissident, did you really expect me to write REW67sd5X is my password?



          • #6
            Cool! I tried it again with NS and it doesn't show the password anymore. Thanks



            • #7
              Remember, Siro, that unlike PHP (where you'd have a small included function in which all you would need to change was the word "GET" to the word "POST" a few times), CGI has completely illogical and confusing parsing functions for the things PHP does automatically, like assigning GET and POST variables to named strings.
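
The hand-written GET/POST parsing that post #7 refers to, as an added example that is not part of the thread or of the forum software's code: a CGI-style parser in Python that accepts the password field from the POST body only and rejects it in the query string. The field names `user` and `pass` come from the URL in the first post; `parse_cgi_request`, `SENSITIVE_FIELDS`, `MAX_BODY` and the sample requests are assumptions made for illustration.

```python
import io
from urllib.parse import parse_qs

SENSITIVE_FIELDS = {"pass"}   # field name seen in the URL quoted in the first post
MAX_BODY = 8192               # assumed cap on a login form body, in bytes


class CredentialInUrl(Exception):
    """A sensitive field arrived in the query string instead of the body."""


def parse_cgi_request(environ, stdin):
    """Return the form fields of one CGI request as a dict.

    Ordinary fields may come from QUERY_STRING or the POST body; fields in
    SENSITIVE_FIELDS are accepted from the POST body only.
    """
    query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    leaked = SENSITIVE_FIELDS.intersection(query)
    if leaked:
        # Refuse rather than log in: the value is already in the location field.
        raise CredentialInUrl(", ".join(sorted(leaked)))
    fields = {name: values[-1] for name, values in query.items()}

    if environ.get("REQUEST_METHOD", "GET").upper() == "POST":
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if ctype != "application/x-www-form-urlencoded":
            raise ValueError("unsupported form encoding: %r" % ctype)
        length = int(environ.get("CONTENT_LENGTH") or 0)
        if not 0 <= length <= MAX_BODY:
            raise ValueError("bad CONTENT_LENGTH")
        body = stdin.read(length).decode("utf-8")
        for name, values in parse_qs(body, keep_blank_values=True).items():
            fields[name] = values[-1]   # body values override URL values
    return fields


# Constructed sample requests (not captured traffic).
POST_BODY = b"user=alice&pass=placeholder"
GET_LOGIN = {"REQUEST_METHOD": "GET", "QUERY_STRING": "user=alice&pass=placeholder"}
POST_LOGIN = {"REQUEST_METHOD": "POST", "QUERY_STRING": "folder=inbox",
              "CONTENT_TYPE": "application/x-www-form-urlencoded",
              "CONTENT_LENGTH": str(len(POST_BODY))}

if __name__ == "__main__":
    print(parse_cgi_request(POST_LOGIN, io.BytesIO(POST_BODY)))
    try:
        parse_cgi_request(GET_LOGIN, io.BytesIO(b""))
    except CredentialInUrl as exc:
        print("rejected, sensitive field in URL:", exc)
```

Moving the field into the body keeps it out of the location field, browser history and server access logs; it does not encrypt it, so the form still needs HTTPS.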
