Friday - June 23rd - 2017
» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 22 - Views: 4979 - Votes: 0
War rating
Comments: 6 - Views: 7469 - Votes: 1
Reporters Wanted!
Comments: 2 - Views: 11989 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 41,234 - Views: 2,683,882 - Votes: 60
21-06 Bullets lost!
Comments: 5 - Views: 522 - Votes: 0
15-06 Let's pray for the best!
Comments: 21 - Views: 1,633 - Votes: 0
13-06 Some Riot
Comments: 16 - Views: 1,837 - Votes: 1
09-06 TGIF
Comments: 35 - Views: 3,279 - Votes: 1
Discordia's Fall
Comments: 5 - Views: 535 - Votes: 1
Hammer Struck, Godhand Rises!
Comments: 5 - Views: 434 - Votes: 1
The Final Chapter!! - RESET Friday! (26/05) updated
Comments: 20 - Views: 1,238 - Votes: 1
Crossfire Favour
Comments: 27 - Views: 1,619 - Votes: 1
Sending Death Bed! - Berserk!
Comments: 16 - Views: 1,088 - Votes: 2
go back
go forward
» Barafranca News

» Mafia News

» Online last 15 minutes

Guests: 66
Total members: 2807
Online: 3 (0.1%)
Members: Kapow, Corvleone, Troja
21-02 Identity theft [fixed]
Author: sbanks
Last updated: 1948d 2h 0m 0s ago by sbanks
Comments: 2
Views: 1,144
Votes: 0 (0 average)
Version: 3.3
article
The bug related "identity theft" got fixed, from now on, we will use sessions.

Written on 21st february:
We thought we were being smart when we created this site..

So instead of using "cookies" for a user session we used IP matches to identify a user, so he/she would stay/be auto logged in. This all Because cookies can be faked quite easily with some random Firefox addon.

Now we face a new problem, more and more people are using "public" networks with their smartphones.



The problem:
Lets say you have a smartphone and are using Vodafone, you open your browser and get the ip 1.1.1.1 from Vodafone. You log in on OmertaBeyond News read some comments, maybe post something, and leave the site again.

Now person B opens OmertaBeyond News, also using Vodafone, and gets the same IP Address from Vodafone (1.1.1.1) and is thus autocratically logged in as you, and can post as you.

The chances of this happening ain't really big, but the last week, I know (at least) 3 events.

Temporary solutions:
- Press logout when you are done visiting the site.
- Only login when you want to post
- Don't login and just use a ` or - behind your nickname when posting a comment

Notes:
- This can also happen when using the internet from your work place, as most computers will use only 1 gateway.
- No, people who accidentally get logged in on your account can't see your password, not even change it.
- Some one posted as you? join #beyond, and give me (sbanks) a pm, I'll remove the comment(s)
- Can't login anymore because you lost your password? #beyond

What we gonna do?
- We will add sessions based on cookies

I hope i informed everyone enough, for questions/remarks #beyond or /q sbanks hi
bennaz Netherlands (23:21:02 - 21-02)
Link Quote
Npnp xD
FooBarBaz (22:11:51 - 21-02)
Link Quote
Y U No Work ?!