Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
  #21  
Old 06-26-2005, 10:16 AM
flup's Avatar
flup flup is offline
 
Join Date: Jan 2002
Location: Maastricht, NL
Posts: 872
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No i get it now, haven't thought with that one
  #22  
Old 06-26-2005, 12:33 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dean C
As said above, it's a privacy issue. For example, if there was a modification which had a big exploit, one could go to the list of users who have installed, and look to see which have it in their profile, and then go round exploiting. Whilst, we realise that 99% of vB.org users would never do this, there is always the slim possibility
Maybe I'm missing something here. Exactly how is this an issue ? ONLY the hack author would be able to see this list, not everyone. How is there any more of a risk of the AUTHOR doing this then there already is - and in most cases (as I have complained elsewhere) - few people have any link to their site from here anyway, so even if I knew "joebloggs" had it installed - I have no idea what his site is.
  #23  
Old 06-26-2005, 01:35 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ah, we're talking about showing this list to everyone though Paul
  #24  
Old 06-26-2005, 01:50 PM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A list of all users who installed a Hack just for the Hack author would be nice
And I don't se privacy issues there, as he can already compile such a list be viewing all posts - which is a PITA when the Thread is several hundred posts long.
  #25  
Old 06-26-2005, 01:56 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by KirbyDE
A list of all users who installed a Hack just for the Hack author would be nice
And I don't se privacy issues there, as he can already compile such a list be viewing all posts - which is a PITA when the Thread is several hundred posts long.
That would only be possible if everybody who installed made a reply.
  #26  
Old 06-26-2005, 02:07 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dean C
Ah, we're talking about showing this list to everyone though Paul
Ah, but I wasn't

Quote:
Originally Posted by Paul M
If only the author can pull up a list then where's the harm.
I would never suggest that everyone could see it - as that clearly would be an issue.
  #27  
Old 06-26-2005, 02:25 PM
flup's Avatar
flup flup is offline
 
Join Date: Jan 2002
Location: Maastricht, NL
Posts: 872
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I wasn't talking about everyone either, just for the hack author...
  #28  
Old 06-26-2005, 02:34 PM
Chris M's Avatar
Chris M Chris M is offline
 
Join Date: Dec 2001
Location: Northampton, England
Posts: 6,186
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It used to be for all, but I agree, only the hack author, co-authors, and obviously staff, can see the list...

This could also be useful, because even if users do not reply, or accept hack updates via email, you could still contact them via PM or another method or alert a staff member that "User x" has a serious vulnerability with their site (after checking it out), and you could get the hole patched

Satan
  #29  
Old 06-26-2005, 09:44 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

For that it would be better to create a button to send a security warning by mail and pm. Still no need to see the names.

Atm even staff can not see the names.
  #30  
Old 06-27-2005, 09:44 AM
Xenon's Avatar
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As already said, it's because of privacy issues.

A user who posts within the supportthread, realises, that when a security flaw is found, he could be a possible victim, but if he does not post then he has to be sure he is "safe".
Of course we could just generate a list just for authors, but there could always be a black sheep there as well.

I can understand both sides, i sometimes miss that feature myself, but as said, the disadvantages are bigger than the fun factor, so we won't add it again.
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:34 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.08295 seconds
  • Memory Usage 2,250KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete