» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 24 - Views: 6334 - Votes: 0
War rating
Comments: 6 - Views: 8562 - Votes: 1
Reporters Wanted!
Comments: 2 - Views: 12768 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 42,300 - Views: 2,756,406 - Votes: 66
17-10 No change of plans
Comments: 139 - Views: 8,680 - Votes: 1
17-10 Penta casino down!
Comments: 2 - Views: 425 - Votes: 0
17-10 Colossal and United akilled!
Comments: 12 - Views: 496 - Votes: 0
16-10 Blackseen
Comments: 54 - Views: 1,608 - Votes: 1
13-10 Prophecyyy down!
Comments: 8 - Views: 623 - Votes: 0
11-10 First family!
Comments: 4 - Views: 400 - Votes: 1
27-09 Round #1 Winner Announced
Comments: 24 - Views: 1,671 - Votes: 0
25-09 Reset timer started (again)
Comments: 46 - Views: 1,666 - Votes: 0
24-09 Autumn is comming?
Comments: 20 - Views: 1,145 - Votes: 0
go back
go forward
» Barafranca News

» Mafia News

» Online last 15 minutes

Guests: 153
Total members: 2875
Online: 0 (0%)
Members:
21-02 Identity theft [fixed]
Author: sbanks
Last updated: 2066d 17h 30m 12s ago by sbanks
Comments: 2
Views: 1,279
Votes: 0 (0 average)
Version: 3.3
article
The bug related "identity theft" got fixed, from now on, we will use sessions.

Written on 21st february:
We thought we were being smart when we created this site..

So instead of using "cookies" for a user session we used IP matches to identify a user, so he/she would stay/be auto logged in. This all Because cookies can be faked quite easily with some random Firefox addon.

Now we face a new problem, more and more people are using "public" networks with their smartphones.



The problem:
Lets say you have a smartphone and are using Vodafone, you open your browser and get the ip 1.1.1.1 from Vodafone. You log in on OmertaBeyond News read some comments, maybe post something, and leave the site again.

Now person B opens OmertaBeyond News, also using Vodafone, and gets the same IP Address from Vodafone (1.1.1.1) and is thus autocratically logged in as you, and can post as you.

The chances of this happening ain't really big, but the last week, I know (at least) 3 events.

Temporary solutions:
- Press logout when you are done visiting the site.
- Only login when you want to post
- Don't login and just use a ` or - behind your nickname when posting a comment

Notes:
- This can also happen when using the internet from your work place, as most computers will use only 1 gateway.
- No, people who accidentally get logged in on your account can't see your password, not even change it.
- Some one posted as you? join #beyond, and give me (sbanks) a pm, I'll remove the comment(s)
- Can't login anymore because you lost your password? #beyond

What we gonna do?
- We will add sessions based on cookies

I hope i informed everyone enough, for questions/remarks #beyond or /q sbanks hi
bennaz Netherlands (23:21:02 - 21-02)
Link Quote
Npnp xD
FooBarBaz (22:11:51 - 21-02)
Link Quote
Y U No Work ?!