Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Button insecurity

by Wassercrats
on Sep 18, 2004 at 19:06 UTC ( #392021=monkdiscuss: print w/replies, xml ) Need Help??

Since my last post about this got reaped, I'll try again without mentioning anyone by name.

When someone is ignored, there should be a pop-up, or some kind of obvious notification to make sure the ignorer knows he ignored someone. It's possible to put a button on your home node that makes you ignore someone, and in at least one case, someone put a button too close to a random image link that people press over and over.

This is only one security problem with Perl Monks. Actually, before fixing that, the cookie problem should be fixed, if that one still exists. It allows you to log on as another user if you get someone to click your button. Did that ever get fixed?

And how about some guideline that says to keep the redeemable part of a reaped post, assuming there's a largely redeemable part? That would have prevented some of my posts from being totally reaped.

Replies are listed 'Best First'.
Re: Button insecurity
by castaway (Parson) on Sep 18, 2004 at 19:18 UTC
    To answer your points:
    1) This would produce quite a few pop-ups for those that actually use ignore, and doesnt sound very practical to me. There is a way of finding out who you are ignoring: ignored users, so if you think you're ignoring someone you don't want to, look there.
    2) You've misunderstood the problem here. Nobody steals your cookie, or logs in as you. You clicking the link causes *your* browser to send a query to PerlMonks requesting it to do something for you.
    3) Sorry, but I don't agree. If people want to present their problems/complaints in a sensible and non-whiny, non-attacking manner, like this one, we'll listen. Else, it just looks like blowing off steam, and will be ignored.

    My reccommendation: Think before you post, think about your readers, and what you want them to think of you. How would you perceive your posts?

    C.

    A reply falls below the community's threshold of quality. You may see it by logging in.
    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Button insecurity
by eric256 (Parson) on Sep 18, 2004 at 20:03 UTC

    Once agian, your own home node makes use of such buttons. Perhaps you should lead by example and not make use of such things. Instead make your home node a warning to others about the possibly malicious uses of buttons and javascript that some people might use on their home nodes. This would certainly lend your argument more credence. Advocate safe surfing habits instead of trying to limit what monks can or cannot do with there home nodes. Everyone should know that homenodes HTML is created by the user and can therefor be used for good or evil purpouses. I for one don't care for a the big brother theme of controlling every aspect. If you want to educate people on how to be safe while surfing then internet that would be a true service to the community and instead of just pointing to problems you would be helping fix them.


    ___________
    Eric Hodges
Re: Button insecurity
by CountZero (Bishop) on Sep 19, 2004 at 09:53 UTC
    The whole idea of ignoring someone is not getting bothered by him/her. A pop-up would really defeat this purpose.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Button insecurity
by Fineous_Fingers (Novice) on Sep 20, 2004 at 20:35 UTC
    I think that pushing *any* button without first examining it's programming is just irresponsible.

    If someone wanted to put an Ignore Fineous button on their home node, labeled or not, I would consider that to be one of the most Innocuous things one could do.
Re: Button insecurity
by Anonymous Monk on Oct 02, 2004 at 07:25 UTC
    You should lead example

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: monkdiscuss [id://392021]
Approved by castaway
Front-paged by grinder
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2020-12-03 04:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How often do you use taint mode?





    Results (50 votes). Check out past polls.

    Notices?