Subj : Re: WEB Access BBSes
To   : haliphax
From : Jon Watson
Date : Wed Oct 27 2004 09:05 am

======>>> haliphax, 1:2800/18 wrote:

Originally to: Jon Watson

JW> What's the hole? I don't see it. If you're referring to the ability for a
JW> person to use another person's name on another node, that's nothing new or
JW> specific to web bbses....

wow. that is quite a security flaw. isn't that something that can be easily
fixed? apparently, it happened by accident in this case (in michael's case)..

i know it's not that hard to do in php, anyway.

-todd

--haliphax //rMRS
cotm.dyndns.org
vanguard mods


<<<====== end quote


See, I must be misunderstanding. Here's what I'm talking about:

I have an account on BBS A as Jon Watson. I'm a mean-spirited bastard, so I go
to BBS B and create a new account under your name. Now any messages I post from
BBS B appear to come from you and unless someone is cognizant enough to notice
that your node number has changed, you would get blamed for everything I post.

This isn't a security issue per se; it's an artifact of running individual,
unconnected systems.

Surely we're talking about two different things, no?

Jon

-FOTW: read your
Fidonet On The Web!
http://www.theheatsinkbbs.ca :=-
--- Internet Rex 2.29
* Origin: The gateway at The HeatSink BBS  (1:134/703)
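
The situation described in the message above, as an added example that is not part of the original post: a reader-side check that treats a poster's identity as the pair (name, originating node address) and flags a name that turns up from a system it was not previously seen on. The function names, the sample names and the sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# zone:net/node with an optional .point suffix, e.g. 1:134/703
ADDR_RE = re.compile(r"^(\d+):(\d+)/(\d+)(?:\.\d+)?$")

def parse_addr(text):
    """Return (zone, net, node); the point is ignored because a point
    hangs off the same system as its boss node."""
    m = ADDR_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a zone:net/node address: {text!r}")
    return tuple(int(part) for part in m.groups())

def normalize_name(name):
    # Collapse whitespace and case so "jon  watson" and "Jon Watson" compare equal.
    return " ".join(name.split()).casefold()

def fmt(addr):
    return "{}:{}/{}".format(*addr)

def flag_name_reuse(messages):
    """messages: iterable of (from_name, origin_address) in arrival order.
    Returns one (name, first_seen_address, new_address) tuple the first time
    a known name arrives from a system it has not been seen on before."""
    seen = defaultdict(list)   # normalized name -> systems, first-seen order
    alerts = []
    for name, addr in messages:
        key = normalize_name(name)
        system = parse_addr(addr)
        if system in seen[key]:
            continue
        if seen[key]:
            alerts.append((name, fmt(seen[key][0]), fmt(system)))
        seen[key].append(system)
    return alerts

# Constructed sample traffic (names and addresses are made up).
SAMPLE = [
    ("Alice Example", "1:999/10"),
    ("Bob Example",   "1:999/20"),
    ("alice  example", "1:999/10.3"),  # same system, point address: no alert
    ("Alice Example", "1:998/77"),     # same name, different system: alert
    ("Alice Example", "1:998/77"),     # already recorded: no repeat alert
]

if __name__ == "__main__":
    for name, first, new in flag_name_reuse(SAMPLE):
        print(f"{name}: first seen at {first}, now posting from {new}")
```

An alert only says the name/address pair changed; a person with legitimate accounts on two systems produces the same signal, so it is a prompt to look, not proof of impersonation.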