
As a wish

Posted: Sun Jun 29, 2003 12:08 pm
by Psychophanta
Hallo, Paul.

As a wish, at your site I miss the possibility to delete or edit a user resource "in situ".

I mean, each user, with his own name and pass to your site, could change, or delete his own snippet, app, game, etc.

Posted: Tue Jul 15, 2003 5:45 pm
by fsw
Hi Paul,
when I go to your site and see in the URL field:
How come?
Don't you think that this is a security hole?
Well I do!

Never ever I see my password in the URL field.

Besides: I didn't sign up to your site.

The only thing I did over a year ago was to sign up in your forum that you had back then.

I don't think it's appropriate to get a password from a forum database and publish it in the URL field of an Internet client or use it for a different purpose, like as user information for your site.

Is there a possibility to kill my whole data in your database?

Posted: Fri Jul 18, 2003 10:04 pm
by Karbon
While odd, it's not any more insecure than anything else not encrypted (SSL). The only additional security hazard I can see is if you were to give that link to someone without seeing that it contained your username and password.

Generally the way I do my web based login stuff is the username and password are passed from the client to the server once, and generally over SSL. Then a "logged in" flag (either a cookie or other session variable) is set to true and a "permission" value is associated with the session to control user access.
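
The login flow described in the post above, as an added example that is not part of the original thread or of the site's code: credentials are checked once, after which only a random session id travels in a cookie, and a helper flags URLs that carry a password parameter. The names `USERS`, `SESSIONS`, `login`, `session_for`, `url_carries_credentials`, the cookie name `sid` and the sample account are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account: username -> (salt, password hash, permission).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT), "member")}
SESSIONS = {}  # random session id -> {"user": ..., "permission": ...}

def login(username, password):
    """Check the credentials once (POST body over TLS); return a Set-Cookie value or None."""
    salt, stored, permission = USERS.get(username, (b"\0" * 16, b"", None))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)  # opaque token, carries no credentials
    SESSIONS[sid] = {"user": username, "permission": permission}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True    # only sent over HTTPS
    cookie["sid"]["httponly"] = True  # not readable from page scripts
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def session_for(cookie_header):
    """Map a Cookie request header to its session record, or None."""
    morsel = SimpleCookie(cookie_header).get("sid")
    return SESSIONS.get(morsel.value) if morsel else None

def url_carries_credentials(url, names=("password", "pass", "pwd")):
    """Flag URLs whose query string has a password-like parameter."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(key.lower() in names for key in query)
```

Every later request is authorized from the session record's "permission" value, so the password never needs to appear in a link, a bookmark or a server access log.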