Web Apps



#1

After logging in on the page "http://atys.ryzom.com/start/index.php" and following the link to the forum or mail, the browser shows these URLs:


http://app.ryzom.com/app_forum/?shardid=102&name=CHARNAME&cid=1234567&lang=de&authkey=abcdef1234567890abcdef1234567890

http://atys.ryzom.com/start/app_mail.php?shardid=102&name=CHARNAME&cid=1234567&lang=de&authkey=abcdef1234567890abcdef1234567890


If you use these links, a login with name and password is no longer required and you can go directly to the forum or mail application, ...

I think for using this at home it is a feature, but at public places it is a security problem, or?

Session IDs can be a solution :)

#2

Stop questioning a "feature" which makes automatic monitoring of the forum for new entries easy, square!
This has been working flawlessly for months now .. :P
Notwithstanding, I admit that the level of attention I have been paying to these forums has dropped a lot during the last months, so I'll survive if someone fixes this *cough* .. "little" security flaw. It's just an ingame forum, anyways.
As long as nobody gets his hands on my key or browser history, people will still have to poorly imitate my character name and fetch my guild icon to fool people into perceiving me as the author of their posts. *laughs*

---

[ˈtʌʎˌjaː ˈʃʌtˑənˌtans] - The wog with the whip! Always takin' care for purposive Ryzom development and conductive community behavior via appropriate amounts of well-placed criticism.
Botherin' homins since Aug '06 - Nuttin' ta lose, but a bad rep.
DE, EN, C++, ASM, MHD, ahd, nl (Ik werk eraan als een ploegpaard), it, lat

#3

Zetus (Leanon)
I think for using this at home it is a feature, but at public places it is a security problem, or?

No, this isn't a security problem at public places. It is a feature.

If you logged in to this forum at a public place, you already sent all required login data (including your password) in plain text. So don't worry.

---

Trini | 'Ys kard' | Arispotle
First and last of the Darkmoor Rangers

#4

Trini (Arispotle)
No, this isn't a security problem at public places. It is a feature.

If you logged in to this forum at a public place, you already sent all required login data (including your password) in plain text. So don't worry.

It was and still is a security problem; that's why the login system should use https instead of http.
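
An added example, not part of the thread and not Ryzom's code: a small audit helper that flags URLs of the shape quoted in post #1, where a long-lived `authkey` rides in the query string, notes when the scheme is plain http, and redacts the value so the URL can be logged or shared. The parameter names other than `authkey` and the https sample line are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# "authkey" comes from the URLs in the thread; the other names are assumed.
SECRET_PARAMS = {"authkey", "token", "sessionid"}

def audit_url(url):
    """Return (redacted_url, findings) for a single URL."""
    parts = urlsplit(url)
    findings, redacted = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS:
            findings.append(f"credential in query string: {key}")
            value = "REDACTED"
        redacted.append((key, value))
    # A key in the URL ends up in history, proxy logs and Referer headers;
    # over http it is also readable by anyone on the network path.
    if findings and parts.scheme == "http":
        findings.append("credential sent over plaintext http")
    return urlunsplit(parts._replace(query=urlencode(redacted))), findings

def audit_history(urls):
    """Return only the flagged entries of a URL list, already redacted."""
    flagged = []
    for url in urls:
        safe, findings = audit_url(url)
        if findings:
            flagged.append((safe, findings))
    return flagged

# First entry has the shape shown in post #1; the second is constructed.
SAMPLE_HISTORY = [
    "http://app.ryzom.com/app_forum/?shardid=102&name=CHARNAME"
    "&cid=1234567&lang=de&authkey=abcdef1234567890abcdef1234567890",
    "https://forum.example.invalid/thread?id=42&lang=de",
]

if __name__ == "__main__":
    for safe, findings in audit_history(SAMPLE_HISTORY):
        print(safe)
        for finding in findings:
            print("  -", finding)
```
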

#5

I should have placed sarcasm braces...

As long as the login process isn't protected by SSL encrypted data transmission, in my opinion the authkey mechanism is only annoying.

---

Trini | 'Ys kard' | Arispotle
First and last of the Darkmoor Rangers

#6

re Talva: The behaviour changed for me (and for others as well): The auto-login did not work three weeks ago. I believe it changed sometime last week 8-16th of May.