Saturday - December 16th - 2017
» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 27 - Views: 6851 - Votes: 0
War rating
Comments: 6 - Views: 9022 - Votes: 2
Reporters Wanted!
Comments: 2 - Views: 12995 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 42,970 - Views: 2,785,169 - Votes: 67
13-12 Battle for the Iron Throne
Comments: 225 - Views: 8,456 - Votes: 3
20-11 Reset!
Comments: 127 - Views: 3,736 - Votes: 0
18-11 War!
Comments: 41 - Views: 1,979 - Votes: 0
16-11 When lego gets boring
Comments: 128 - Views: 3,891 - Votes: 0
14-11 To mine, or not to mine.
Comments: 43 - Views: 1,535 - Votes: 0
12-11 Baltimore Conclusion
Comments: 73 - Views: 4,451 - Votes: 0
06-11 Out of Time ?
Comments: 216 - Views: 7,946 - Votes: 0
05-11 Little Late Don't You Think..?
Comments: 53 - Views: 2,133 - Votes: 0
01-11 Baltimore Trouble
Comments: 191 - Views: 6,866 - Votes: 0
go back
go forward
» Barafranca News

» Mafia News

» Online last 15 minutes

Guests: 177
Total members: 2912
Online: 4 (0.1%)
Members: ReBorN, DJ, Merton, Sanchoo
21-02 Identity theft [fixed]
Author: sbanks
Last updated: 2123d 23h 54m 21s ago by sbanks
Comments: 2
Views: 1,319
Votes: 0 (0 average)
Version: 3.3
article
The bug related "identity theft" got fixed, from now on, we will use sessions.

Written on 21st february:
We thought we were being smart when we created this site..

So instead of using "cookies" for a user session we used IP matches to identify a user, so he/she would stay/be auto logged in. This all Because cookies can be faked quite easily with some random Firefox addon.

Now we face a new problem, more and more people are using "public" networks with their smartphones.



The problem:
Lets say you have a smartphone and are using Vodafone, you open your browser and get the ip 1.1.1.1 from Vodafone. You log in on OmertaBeyond News read some comments, maybe post something, and leave the site again.

Now person B opens OmertaBeyond News, also using Vodafone, and gets the same IP Address from Vodafone (1.1.1.1) and is thus autocratically logged in as you, and can post as you.

The chances of this happening ain't really big, but the last week, I know (at least) 3 events.

Temporary solutions:
- Press logout when you are done visiting the site.
- Only login when you want to post
- Don't login and just use a ` or - behind your nickname when posting a comment

Notes:
- This can also happen when using the internet from your work place, as most computers will use only 1 gateway.
- No, people who accidentally get logged in on your account can't see your password, not even change it.
- Some one posted as you? join #beyond, and give me (sbanks) a pm, I'll remove the comment(s)
- Can't login anymore because you lost your password? #beyond

What we gonna do?
- We will add sessions based on cookies

I hope i informed everyone enough, for questions/remarks #beyond or /q sbanks hi
comments

Add a YouTube movie Add an image Add a link/url Help
bennaz Netherlands (23:21:02 - 21-02)
Link Quote
Npnp xD
FooBarBaz (22:11:51 - 21-02)
Link Quote
Y U No Work ?!