vb.org Archive - Scripts in sigs that SET COOKIES will no longer be allowed at vBulletin.org

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- News and Announcements (https://vborg.vbsupport.ru/forumdisplay.php?f=2)

- - Scripts in sigs that SET COOKIES will no longer be allowed at vBulletin.org (https://vborg.vbsupport.ru/showthread.php?t=82333)

Erwin

06-01-2005 12:46 AM

Scripts in sigs that SET COOKIES will no longer be allowed at vBulletin.org

If you have a script linked in your sig that attempts to set cookies in another person's browser, please remove it.

Such sigs are no longer allowed. :) If you have one like this, please make the change or we will do it for you.

Reason: For the sake of other members, we wish to ensure the security of their accounts and this site.

Logikos

06-01-2005 06:58 AM

I don't get it, what is going on?

Marco van Herwaarden

06-01-2005 07:08 AM

Some people are using active content in their signatures. Some of these call a script on another site to show the signature and some use cookies for that.

Blam Forumz

06-01-2005 07:58 AM

Does this include signature images with forum stats on them? Because a php script generates them

Marco van Herwaarden

06-01-2005 10:42 AM

Yes, especially if they set a cookie.

Dean C

06-01-2005 10:42 AM

Quote:

Originally Posted by Blam Forumz

Does this include signature images with forum stats on them? Because a php script generates them

Unfortunately yes. Before this didn't create a problem, but we now have users setting (intentionally or unintentionally) cookies from their sites and we can't afford to expose our users to this :)

kall	06-01-2005 10:45 AM

Quote:

Originally Posted by MarcoH64's signature

Please not our new Signature Rule:

*hands Marco an "e"*

Logikos

06-01-2005 10:48 AM

There still are ways around this, you can just .htacess the file to read as a .gif file and rename it.

Marco van Herwaarden

06-01-2005 10:58 AM

Quote:

Originally Posted by kall

*hands Marco an "e"*

Lol, thanks. Changed

kall	06-01-2005 11:02 AM

No problemo.

Heh. That would have looked dodgy if this were vbdanceparty.org. :)

Erwin

06-01-2005 11:54 PM

Quote:

Originally Posted by Live Wire

There still are ways around this, you can just .htacess the file to read as a .gif file and rename it.

Of course, but if we find out, we will remove the sig. :) It just poses a possible security issue - not likely, but some members don't like getting security warnings in their browsers from sigs. :)

Link14716

06-02-2005 02:10 AM

I don't really get this. All someone would need to do is the .htaccess method if they want to leave a cookie. Hell, the image doesn't even have to be dynamic. I can see why you'd want to get rid of the "bad" ones (such as ones leaving cookies and such) but innocent dynamic images (such as ones with their board's stats, or a countdown like mine) aren't doing any more harm than a normal .gif would. Even if the PHP script logged some data, it would be no more than can be harvested from a normal .gif images and some stats programs.

sabret00the

06-02-2005 10:30 AM

A tad overkill imo but for peace and harmony and the fact it don't effect me, i'll go with it :)

Revan

06-02-2005 11:40 AM

I say the rule should concern images setting cookies only.
Sure it would provide more hassle for the staff, but after all the number of pi$$ed off users would be a bigger hassle :p
Not that I give a flying feck either ways, as I cram way too much txt into my sig to fit an image XD

Erwin

06-02-2005 11:36 PM

Quote:

Originally Posted by Revan

Good point. :)

I've changed the rule so it's more sensible.

Paul M

06-03-2005 01:01 AM

I'm a bit confused - doesn't this mean no one can link to a vb forum (or probably most websites) in their sig - since visiting any forum / site usually sets a cookie.

Link14716

06-03-2005 02:31 AM

Quote:

Originally Posted by Paul M

I'm a bit confused - doesn't this mean no one can link to a vb forum (or probably most websites) in their sig - since visiting any forum / site usually sets a cookie.

No, it means no one can have an image in their signature that sets a cookie.

Erwin

06-03-2005 05:04 AM

Quote:

Originally Posted by Link14716

No, it means no one can have an image in their signature that sets a cookie.

Dynamic scripts pretending to be images that try to set cookies. Other dynamic image files etc are allowed.

Chris M

06-05-2005 07:18 PM

I don't think my sig image is a problem, but if you could say if you want me to remove it or what ;)

Satan

All times are GMT. The time now is 04:46 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01226 seconds Memory Usage 1,750KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (7)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (19)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: