07-01-2007, 02:03 PM
hambil

Quote:
Originally Posted by Paul M
Of course, it won't make any difference to you since you decided to take all your mods away anyway.

In fairness, if I'm not allowed to say why I did the above, you should not be allowed to use it against me.

Quote:
Originally Posted by Paul M
There is a big difference between commercial sites and here - your proposal relies on the author actually fixing it - experience shows that this is rarely the case for free modifications released here (take vbplaza, that's still not fixed, months after the holes were found and notified to the author).

This is, perhaps, the crux of the current misunderstanding. I remember vbShout going unfixed forever, until Brad had to fix it. I remember other hacks that had similar issues. That is why I know what the policy used to be - notify the author asking them to change it, and only if they were unresponsive for a fair amount of time would the mod be disabled, or fixed by staff if a staff member was willing.

For such a dramatic change in policy to take place, and for an active hack author to not even know about it, is a serious flaw in the conduct of business - regardless of what you say about the rules being posted.

How about a show of 'virtual hands' for coders who had no idea a policy change had been implemented? I'm sure I'm not alone.

That aside, I still think it's a flawed policy. The email that went out to all the users stated:
This modification contains a MySQL injection vulnerability

It was also put into the thread itself in nice large red letters:
This modification contains a MySQL injection vulnerability

This puts every user of the hack at risk. It also creates a nice little searchable database for anyone who might want to start hacking VB sites. It's an all-around bad idea.