The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
06-29-2007, 03:54 PM
|
||||
|
||||
What happened to respect?
I thought the policy was to contact an author if a vulnerability was discovered in one of their hacks, and give them a reasonable amount of time to fix the issue before publicly flogging them. I believe the PM telling me about the issue was actually sent AFTER the hack was pulled and every user alerted via an update email. Gee, thanks.
It's a hack that's been around for a couple years, too. Still, I guess it just had to be removed INSTANTLY. |
|
#3
06-29-2007, 04:00 PM
|
||||
|
||||
|
Quote:
|
|
#4
06-29-2007, 04:02 PM
|
|||
|
|||
|
for the best of the community, when a tool is having a bug, 99% of the time, people are reporting the bug in the thread related to the hack... then the author can fix the bug...
an insert or a exploit is a bug, so it have to be reported in the thread, contacting the author, and wait for a certain time for a result... for the best of the community, if you really want to protect the members and the people using these codes, you'd be better test each release before they go public... but you don't... so give a chance to the coder first. |
|
#6
06-29-2007, 04:07 PM
|
||||
|
||||
|
Quote:
Quote:
coder is always contacted and they are free to fix .. once fixed, we will gladly return the mod to it's proper location |
|
#8
06-29-2007, 07:14 PM
|
||||
|
||||
|
<a href="https://vborg.vbsupport.ru/info.php?do=security" target="_blank">https://vborg.vbsupport.ru/info.php?do=security</a>
SQL injections are always considered severe. As for 'respect' - perhaps you need to review your posts in this thread. Sarcastic remarks are not generally considered very respectful. |
|
#9
06-29-2007, 07:53 PM
|
|||
|
|||
|
i think it is more frustration than missrespect from hambil... his age and experience make him easily iritated... LOL...
|
|
#10
06-29-2007, 11:22 PM
|
||||
|
||||
|
My guess is a serious review of the hacks on this board would result in over half of them being taken down for security reasons. I have no issue with dealing seriously with a security issue, but over-reactions bother me. Not contacting the author giving them a chance to fix it. Moving the hack to the graveyard so the author can't even download it themselves (to insure the fix they are making is to the same files everyone else has downloaded - especially when the hack is two years old).
As I said, this issue has been in that code for two years. To my knowledge nobody has ever had a problem, and nobody has reported it in the hack thread. This doesn't mean it isn't serious and doesn't need to be urgently addressed, but come-on. Next time Jelsoft has a serious security issue can I expect my forum software to be immediately shut down without my consent or any pre-notification and not run again until Jelsoft fixes the issue? Call it what you want, spin it however you want, this was a disrespectful and unnecessary act that can only make sense if you have a very exaggerated sense of self importance and your place in the world. My hack wasn't running the Mars lander, or keeping Nuclear missiles from launching, and neither is vb itself. |
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 06:59 PM.