» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 57 - Views: 49230 - Votes: 0
War rating
Comments: 10 - Views: 24743 - Votes: 4
Reporters Wanted!
Comments: 2 - Views: 17642 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 57,652 - Views: 13,853,878 - Votes: 81
Endless Struggle !
Comments: 336 - Views: 10,445 - Votes: 0
23-09 Reset → 30 September 2022, Friday → 12:00 OT
Comments: 64 - Views: 7,435 - Votes: 0
30-09 Welcome to Round #40!
Comments: 2 - Views: 1,381 - Votes: 0
19-09 Congratulations Reichsthaler!
Comments: 0 - Views: 1,090 - Votes: 0
01-09 Not Penny's boat..
Comments: 72 - Views: 12,316 - Votes: 0
21-08 First Family!
Comments: 6 - Views: 1,404 - Votes: 0
12-08 Welcome to Round #39
Comments: 5 - Views: 1,926 - Votes: 0
03-08 Reset → 12 August 2022, Friday → 10:00 OT
Comments: 17 - Views: 3,855 - Votes: 0
27-07 Congratulations Vengeance!
Comments: 8 - Views: 1,889 - Votes: 0
go back
go forward
» Barafranca News

» Online last 15 minutes

Guests: 800
Total members: 3720
Online: 0 (0%)
Members:
21-02 Identity theft [fixed]
Author: sbanks
Last updated: 4418d 8h 1m 54s ago by sbanks
Comments: 2
Views: 3,653
Votes: 0 (0 average)
Version: 3.3
article
The bug related "identity theft" got fixed, from now on, we will use sessions.

Written on 21st february:
We thought we were being smart when we created this site..

So instead of using "cookies" for a user session we used IP matches to identify a user, so he/she would stay/be auto logged in. This all Because cookies can be faked quite easily with some random Firefox addon.

Now we face a new problem, more and more people are using "public" networks with their smartphones.



The problem:
Lets say you have a smartphone and are using Vodafone, you open your browser and get the ip 1.1.1.1 from Vodafone. You log in on OmertaBeyond News read some comments, maybe post something, and leave the site again.

Now person B opens OmertaBeyond News, also using Vodafone, and gets the same IP Address from Vodafone (1.1.1.1) and is thus autocratically logged in as you, and can post as you.

The chances of this happening ain't really big, but the last week, I know (at least) 3 events.

Temporary solutions:
- Press logout when you are done visiting the site.
- Only login when you want to post
- Don't login and just use a ` or - behind your nickname when posting a comment

Notes:
- This can also happen when using the internet from your work place, as most computers will use only 1 gateway.
- No, people who accidentally get logged in on your account can't see your password, not even change it.
- Some one posted as you? join #beyond, and give me (sbanks) a pm, I'll remove the comment(s)
- Can't login anymore because you lost your password? #beyond

What we gonna do?
- We will add sessions based on cookies

I hope i informed everyone enough, for questions/remarks #beyond or /q sbanks hi
comments

Add a YouTube movie Add an image Add a link/url Help
bennaz Netherlands (23:21:02 - 21-02)
Link Quote
Npnp xD
FooBarBaz (22:11:51 - 21-02)
Link Quote
Y U No Work ?!