
Button insecurity

by Wassercrats
on Sep 18, 2004 at 19:06 UTC ( #392021=monkdiscuss )

Since my last post about this got reaped, I'll try again without mentioning anyone by name.

When someone is ignored, there should be a pop-up, or some kind of obvious notification to make sure the ignorer knows he ignored someone. It's possible to put a button on your home node that makes you ignore someone, and in at least one case, someone put a button too close to a random image link that people press over and over.

This is only one security problem with Perl Monks. Actually, before fixing that, the cookie problem should be fixed, if that one still exists. It allows you to log on as another user if you get someone to click your button. Did that ever get fixed?

And how about some guideline that says to keep the redeemable part of a reaped post, assuming there's a largely redeemable part? That would have prevented some of my posts from being totally reaped.

Re: Button insecurity
by castaway (Parson) on Sep 18, 2004 at 19:18 UTC
    To answer your points:
    1) This would produce quite a few pop-ups for those that actually use ignore, and doesn't sound very practical to me. There is a way of finding out who you are ignoring: ignored users, so if you think you're ignoring someone you don't want to, look there.
    2) You've misunderstood the problem here. Nobody steals your cookie, or logs in as you. You clicking the link causes *your* browser to send a query to PerlMonks requesting it to do something for you.
    3) Sorry, but I don't agree. If people want to present their problems/complaints in a sensible and non-whiny, non-attacking manner, like this one, we'll listen. Else, it just looks like blowing off steam, and will be ignored.

    My recommendation: Think before you post, think about your readers, and what you want them to think of you. How would you perceive your posts?

    C.
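
Added example, not part of the original thread and not PerlMonks' own code: one way a site can stop a button in user-authored HTML from triggering an action such as ignore, by requiring a per-session, per-action token that only the site's own forms carry. The key, session id, request fields and function names are all hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed value: a real site would load the key from protected config.
my $SERVER_KEY = 'constructed-demo-key-not-a-real-secret';

# Token bound to the session and to one action, so it cannot be replayed
# for a different user or a different operation.
sub action_token {
    my ($session_id, $action) = @_;
    return hmac_sha256_hex("$session_id|$action", $SERVER_KEY);
}

# Constant-time comparison of two hex strings.
sub tokens_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Decide whether a state-changing request may proceed.
# The %req keys (method, session_id, action, token) are hypothetical.
sub allow_request {
    my (%req) = @_;
    return (0, 'state change must use POST') unless ($req{method} // '') eq 'POST';
    my $expected = action_token($req{session_id}, $req{action});
    return (0, 'missing or wrong action token')
        unless tokens_equal($req{token}, $expected);
    return (1, 'ok');
}

my $sid = 'sess-1234';   # constructed session id

# 1) Form rendered by the site itself: carries the token.
my @own = allow_request(method => 'POST', session_id => $sid,
    action => 'ignore:foo', token => action_token($sid, 'ignore:foo'));
# 2) Button in user-authored home node HTML: the browser attaches the
#    session cookie, but the author cannot know the token.
my @forged = allow_request(method => 'POST', session_id => $sid,
    action => 'ignore:foo', token => undef);
# 3) A token issued for one action does not transfer to another.
my @reused = allow_request(method => 'POST', session_id => $sid,
    action => 'ignore:bar', token => action_token($sid, 'ignore:foo'));

printf "%-8s %s\n", @$_ for (['site', $own[1]], ['forged', $forged[1]], ['reused', $reused[1]]);
```

The token only helps if user-authored HTML cannot run script in the site's own origin, since same-origin script can read the token out of a rendered page.
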

      You said "Think before you post, think about your readers, and what you want them to think of you. How would you perceive your posts?"

      With people calling me an idiot and saying stuff like in this post, etc, etc, how am I supposed to know that I can't even say diotalevi should be punished? Should I go by the Perlmonks guidelines? That wouldn't work, because Aristotle, and the vast majority of others with the power to vote to reap ignore the guidelines.

      I know how some people might perceive my posts when I post them, but I won't conform to Perlmonk's corrupt, unfair and insulting ways just to be liked by corrupt, unfair and insulting people.

        The above post was from me.
        I don't particularly want to get into a discussion about this, but I'll bite anyway. (btw, did you forget to login?). The point/problem is not WHAT the post says, but how. My post above, for example, could have said 'You idiot, you clicked on the button, its your browser what did it', or some such, but I chose to just explain calmly.

        The only guidelines here are social ones, either one conforms, work with/like the majority, or one might as well leave. There's never been much sense in joining a community and trying to force it to conform to your ways, if you're in a minority. It just won't work.

        C.

      You said "Nobody steals your cookie, or logs in as you. You clicking the link causes *your* browser to send a query to PerlMonks requesting it to do something for you."

      From CB:

      diotalevi 2004-09-18 18:34:02
      Oh well... don't keep JS on *my* account. I'm just using the neat tricks while I can. I even touch your cookie and use it to generate a URL

        And here's the rest of the quote, for the record:

        "I even touch your cookie and use it to generate a URL to get Markov Yourself to work."

        No malicious intent, no account stealing, just some good old-fashioned fun.

        He uses JS to get only your username, not your password (he's nice like that).
Re: Button insecurity
by eric256 (Parson) on Sep 18, 2004 at 20:03 UTC

    Once again, your own home node makes use of such buttons. Perhaps you should lead by example and not make use of such things. Instead make your home node a warning to others about the possibly malicious uses of buttons and javascript that some people might use on their home nodes. This would certainly lend your argument more credence. Advocate safe surfing habits instead of trying to limit what monks can or cannot do with their home nodes. Everyone should know that homenodes HTML is created by the user and can therefore be used for good or evil purposes. I for one don't care for the big brother theme of controlling every aspect. If you want to educate people on how to be safe while surfing the internet that would be a true service to the community and instead of just pointing to problems you would be helping fix them.


    ___________
    Eric Hodges
Re: Button insecurity
by CountZero (Bishop) on Sep 19, 2004 at 09:53 UTC
    The whole idea of ignoring someone is not getting bothered by him/her. A pop-up would really defeat this purpose.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      I said "make sure the ignorer knows he ignored someone." I'm not asking to know who ignored me. I just want to make sure I don't ignore someone else by accident.

        Well, it's possible to see what users you're ignoring by going to ignored users. Also, when you ignore someone, a small italic "you are now ignoring foo" appears at the bottom of the chatterbox nodelet. That's notification. It's easy to ignore, which is both a flaw and part of the point -- as has been mentioned by others, obnoxious notification rather spoils the point.


        Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

Re: Button insecurity
by Fineous_Fingers (Novice) on Sep 20, 2004 at 20:35 UTC
    I think that pushing *any* button without first examining its programming is just irresponsible.

    If someone wanted to put an Ignore Fineous button on their home node, labeled or not, I would consider that to be one of the most Innocuous things one could do.
Re: Button insecurity
by Anonymous Monk on Oct 02, 2004 at 07:25 UTC
    You should lead by example

Node Type: monkdiscuss [id://392021]
Approved by castaway
Front-paged by grinder