Dangerous information displayed to anybody!
- Algernon Sydney is Dead
- Moderator
- Posts: 3519
- Joined: Thu Oct 16, 2008 11:22 pm
- Location: PRK (California)
Dangerous information displayed to anybody!
Visited the site from a different computer (no cookies, no login) and this is what I see:
And this:
Obviously, it is a serious problem to show everyone (and everything) who looks, browser details and IP addresses for users! This information should be restricted to mods and admins.
Offering some admin controls to everyone, is misleading and poor practice, even if the guests will not have permission to actually effect administrative changes. At the least, this degrades user confidence in the forum's security and privacy protections.
And this:
Obviously, it is a serious problem to show everyone (and everything) who looks, browser details and IP addresses for users! This information should be restricted to mods and admins.
Offering some admin controls to everyone, is misleading and poor practice, even if the guests will not have permission to actually effect administrative changes. At the least, this degrades user confidence in the forum's security and privacy protections.
- StalinSays
- Beast-Master
- Posts: 1709
- Joined: Sat Oct 13, 2007 4:58 am
- Location: West Los Angeles, CA
- Contact:
Re: Dangerous information displayed to anybody!
Thinking it's because you're a global mod. Make a puppet account, double-check those options are still available to you. If so, yeh, needs to have a blanket thrown over it pronto.
- Algernon Sydney is Dead
- Moderator
- Posts: 3519
- Joined: Thu Oct 16, 2008 11:22 pm
- Location: PRK (California)
Re: Dangerous information displayed to anybody!
Already did that:
- No account.
- No cookies.
- Different machine.
- Different IP.
- tbaker2500
- Site Admin
- Posts: 3613
- Joined: Wed Nov 21, 2007 7:03 pm
- Location: West Lafayette, IN
- Contact:
Re: Dangerous information displayed to anybody!
What the...
Hokay, delving into it now.
Good catch, ASID!!!
Hokay, delving into it now.
Good catch, ASID!!!
You're my quasi-ichthian angel, you're my half-amphibian queen...
The Dribblecast, we don't care if you sound like an idiot.
The Dribblecast, we don't care if you sound like an idiot.
- tbaker2500
- Site Admin
- Posts: 3613
- Joined: Wed Nov 21, 2007 7:03 pm
- Location: West Lafayette, IN
- Contact:
Re: Dangerous information displayed to anybody!
Ok, it looks good now on my end. Is it clear on yours now?
It looks like an account merge went bidirectional instead on unidirectional, and the anonymous user got Founder privileges. Yikes.
Thanks for spotting that ASID!
It looks like an account merge went bidirectional instead on unidirectional, and the anonymous user got Founder privileges. Yikes.
Thanks for spotting that ASID!

You're my quasi-ichthian angel, you're my half-amphibian queen...
The Dribblecast, we don't care if you sound like an idiot.
The Dribblecast, we don't care if you sound like an idiot.
- Algernon Sydney is Dead
- Moderator
- Posts: 3519
- Joined: Thu Oct 16, 2008 11:22 pm
- Location: PRK (California)
Re: Dangerous information displayed to anybody!
Yep.tbaker2500 wrote:Ok, it looks good now on my end. Is it clear on yours now?
Looks like the "WHO IS ONLINE" is not even a link for unregistered viewers and does not show sensitive information to a normal member.
The admin-like controls, on the profile view (now not visible at all to guests), are all but gone and do not appear to let a regular member change anything.
On an important side note: The CAPTCHA is now way, WAY too hard!
It took me about 8 tries to create a test account. With the new, 1st-post moderation and post throttling, the CAPTCHA can safely be made passable for old geezers with ordinary vision.
See, perhaps, http://captcha2.com/.
- tbaker2500
- Site Admin
- Posts: 3613
- Joined: Wed Nov 21, 2007 7:03 pm
- Location: West Lafayette, IN
- Contact:
Re: Dangerous information displayed to anybody!
Gosh darn it, it didn't save my reCaptcha setting!
Were you getting s sudo-3d image? Yea, pretty awful. reCaptcha should be installed and running now. See if it's easier for you.
Thanks!
Were you getting s sudo-3d image? Yea, pretty awful. reCaptcha should be installed and running now. See if it's easier for you.
Thanks!
You're my quasi-ichthian angel, you're my half-amphibian queen...
The Dribblecast, we don't care if you sound like an idiot.
The Dribblecast, we don't care if you sound like an idiot.
- Algernon Sydney is Dead
- Moderator
- Posts: 3519
- Joined: Thu Oct 16, 2008 11:22 pm
- Location: PRK (California)
Re: Dangerous information displayed to anybody!
Yeah, that's better.
Thanks!
Thanks!
- tbaker2500
- Site Admin
- Posts: 3613
- Joined: Wed Nov 21, 2007 7:03 pm
- Location: West Lafayette, IN
- Contact:
Re: Dangerous information displayed to anybody!
Glad you caught these things.
It seems like the first post requiring moderation is helping.
It seems like the first post requiring moderation is helping.
You're my quasi-ichthian angel, you're my half-amphibian queen...
The Dribblecast, we don't care if you sound like an idiot.
The Dribblecast, we don't care if you sound like an idiot.
- Algernon Sydney is Dead
- Moderator
- Posts: 3519
- Joined: Thu Oct 16, 2008 11:22 pm
- Location: PRK (California)
Re: Dangerous information displayed to anybody!
Yeah, sure beats deleting 60 spams the hard way.
Re: Dangerous information displayed to anybody!
with a knife and fork like we did in the 80sAlgernon Sydney is Dead wrote:Yeah, sure beats deleting 60 spams the hard way.