vb.org Archive - View Single Post

Marco van Herwaarden · #**139** 07-27-2007, 08:20 AM

Maria,

Please calm down now.

Quote:

"Has an average member the knowledge to check a mod for bugs? In my opinion checking for bugs it's much more difficult than programming. So, the reporter is not the average enduser who downloads the mod for his own use, but is a coder who download it for ....what really?"

I never used the word "average"

A coder is also a regular member on this forum, as opposed to a staff member.

Why the focus on who reported it? How does this knowledge help you or the users?

In my view it is a non-issue who was the person that reported a vulnerability, all that counts is that someone found a possible vulnerability and took the time (luckily) to bring it under the attention of us so we can take actions to get things resolved. The result is all that counts. You (and the users of your work) should be glad that someone took the time.

Quote:

I thought about it seeing where my security risk was for vbDigiShop. It was in the file which hundles the post back from the payment gateway. So someone gave special attention to that file for one of the following reasons:

To make changes so my mod to work with PayPal. By doing this he/she was breaking my copyright which clear stated that developing payment to work with PayPal is prohibited even if it was for his/her own use. I gave for free to public a full script by deactivating only the PayPal payments.
To get the code for use somewhere else. Something which is also breaks my copyright.

And now the critical question: "Do the Moderators plan to give me the details of a person who broke my copyright rules?"

To answer your last question first: no we will not give out the name of the person that reported this.

Also you seem to have been jumping to some conclusions about how this person found the vulnerability and his intentions. I have no proof whatsoever that this person was trying to break your copyright. If you have such proof, please let me know and i will review this.

You seem to forget that we also have members that maybe consider installing a modification on their site and have the habbit of first checking the code before putting any third-party coding on their website.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01768 seconds Memory Usage 1,769KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_quote (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: