View Full Version : Scripts in sigs that SET COOKIES will no longer be allowed at vBulletin.org


Erwin
06-01-2005, 12:46 AM
If you have a script linked in your sig that attempts to set cookies in another person's browser, please remove it.

Such sigs are no longer allowed. :) If you have one like this, please make the change or we will do it for you.

Reason: For the sake of other members, we wish to ensure the security of their accounts and this site.

Logikos
06-01-2005, 06:58 AM
I don't get it, what is going on?

Marco van Herwaarden
06-01-2005, 07:08 AM
Some people are using active content in their signatures. Some of these call a script on another site to show the signature and some use cookies for that.

Blam Forumz
06-01-2005, 07:58 AM
Does this include signature images with forum stats on them? Because a php script generates them

Marco van Herwaarden
06-01-2005, 10:42 AM
Yes, especially if they set a cookie.

Dean C
06-01-2005, 10:42 AM
Does this include signature images with forum stats on them? Because a php script generates them

Unfortunately yes. Before this didn't create a problem, but we now have users setting (intentionally or unintentionally) cookies from their sites and we can't afford to expose our users to this :)

kall
06-01-2005, 10:45 AM
Please not our new Signature Rule:

*hands Marco an "e"*

Logikos
06-01-2005, 10:48 AM
There still are ways around this, you can just .htaccess the file to read as a .gif file and rename it.

Marco van Herwaarden
06-01-2005, 10:58 AM
*hands Marco an "e"*
Lol, thanks. Changed

kall
06-01-2005, 11:02 AM
No problemo.

Heh. That would have looked dodgy if this were vbdanceparty.org. :)

Erwin
06-01-2005, 11:54 PM
There still are ways around this, you can just .htaccess the file to read as a .gif file and rename it.
Of course, but if we find out, we will remove the sig. :) It just poses a possible security issue - not likely, but some members don't like getting security warnings in their browsers from sigs. :)

Link14716
06-02-2005, 02:10 AM
I don't really get this. All someone would need to do is the .htaccess method if they want to leave a cookie. Hell, the image doesn't even have to be dynamic. I can see why you'd want to get rid of the "bad" ones (such as ones leaving cookies and such) but innocent dynamic images (such as ones with their board's stats, or a countdown like mine) aren't doing any more harm than a normal .gif would. Even if the PHP script logged some data, it would be no more than can be harvested from a normal .gif image and some stats programs.

sabret00the
06-02-2005, 10:30 AM
A tad overkill imo but for peace and harmony and the fact it don't affect me, I'll go with it :)

Revan
06-02-2005, 11:40 AM
I say the rule should concern images setting cookies only.
Sure it would provide more hassle for the staff, but after all the number of pi$$ed off users would be a bigger hassle :p
Not that I give a flying feck either ways, as I cram way too much txt into my sig to fit an image XD

Erwin
06-02-2005, 11:36 PM
I say the rule should concern images setting cookies only.
Sure it would provide more hassle for the staff, but after all the number of pi$$ed off users would be a bigger hassle :p
Not that I give a flying feck either ways, as I cram way too much txt into my sig to fit an image XD
Good point. :)

I've changed the rule so it's more sensible.

Paul M
06-03-2005, 01:01 AM
I'm a bit confused - doesn't this mean no one can link to a vb forum (or probably most websites) in their sig - since visiting any forum / site usually sets a cookie.

Link14716
06-03-2005, 02:31 AM
I'm a bit confused - doesn't this mean no one can link to a vb forum (or probably most websites) in their sig - since visiting any forum / site usually sets a cookie.
No, it means no one can have an image in their signature that sets a cookie.

Erwin
06-03-2005, 05:04 AM
No, it means no one can have an image in their signature that sets a cookie.
Dynamic scripts pretending to be images that try to set cookies. Other dynamic image files etc are allowed.
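
Added example (not part of the thread and not any poster's code): the revised rule is about what the response does rather than the file extension, so a moderator-side check can look at the HTTP response a signature URL returns. The function names, finding labels and sample responses below are constructed for illustration.

```python
# Audit one raw HTTP response returned for a signature "image" URL.
# Finding labels and the sample responses are constructed, not captured traffic.

MAGIC = {  # leading bytes of common image formats -> MIME type
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

def sniff_image(body: bytes):
    """Return the MIME type implied by the body's magic bytes, or None."""
    for magic, mime in MAGIC.items():
        if body.startswith(magic):
            return mime
    return None

def audit_sig_response(raw: bytes):
    """Return a sorted list of findings for one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = set()
    if "set-cookie" in headers:  # the behaviour the rule bans
        findings.add("sets-cookie")
    declared = headers.get("content-type", [""])[0].split(";")[0].strip().lower()
    actual = sniff_image(body)
    if actual is None:
        findings.add("body-not-image")
    elif declared != actual:
        findings.add("content-type-mismatch")
    return sorted(findings)

STATIC_GIF = (b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\n"
              b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
SCRIPT_AS_GIF = (b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n"
                 b"Set-Cookie: visitor=abc123; Path=/\r\n\r\n"
                 b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")
HTML_AS_GIF = (b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\n"
               b"<html>not an image</html>")

if __name__ == "__main__":
    for name, raw in [("static", STATIC_GIF), ("script", SCRIPT_AS_GIF), ("html", HTML_AS_GIF)]:
        print(name, audit_sig_response(raw))
```

A URL ending in .gif passes or fails on the same terms as any other, because only the response headers and body are examined.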

Chris M
06-05-2005, 07:18 PM
I don't think my sig image is a problem, but if you could say if you want me to remove it or what ;)

Satan