Printable View
so what is the security issue? (an don't say "i can't tell you for your own security" ;) )
hey
pliz give my footer back
i dont have a domain so i dont have remote support for pictures !!
i got to have a flash footer
and u gotta let me have it !!
are u listening mr administrator !!
<shrugs> At least you called him "Mr." ... ;)Quote:
Originally posted by buttclencher
hey
pliz give my footer back
i dont have a domain so i dont have remote support for pictures !!
i got to have a flash footer
and u gotta let me have it !!
are u listening mr administrator !!
He said they'll be back soon ... so sit tight and be patient
:D
Can't you see he needs it now?!! Won't somebody think of the children?!!!!
Hey ... I'm just waitin' for someone to sue ... ;)
i think u are rite lanny
i just over reacted !! ;)
perhaps its the stubborn little cranky kid that lives inside me who just woke up ;):D
and ya isnt it supposed to be "Mr" administrator >>
tell me if i am wrong ;)
:D
They may not be back. Right now, MM is looking at it. Mike and I checked it out on Sat, and he passed it on to another team.Quote:
Originally posted by buttclencher
i think u are rite lanny
i just over reacted !! ;)
perhaps its the stubborn little cranky kid that lives inside me who just woke up ;):D
and ya isnt it supposed to be "Mr" administrator >>
tell me if i am wrong ;)
:D
It's the cookie issue. The reason I left them enabled in the profiles is: it's not going to do anyone much good to steal their own cookies.
Nice av/title PetuniaQuote:
Originally posted by LanSite
Hey ... I'm just waitin' for someone to sue ... ;)
<chokes on coffee> :eek:Quote:
Originally posted by jstarkey
Nice av/title Petunia
hahhahahhahahha <cough, cough>
Gawd, someone mash me on the back
:D
I think this footer thing has turned out for the best. (in some way i am saying this to overcome the panic)My footer was over 15k, so when i noticed it was gone i thoughtSo i went to my Flash 5 Drawing board and came up with an even better, more snazier footer with reduced items thus decreasing the file size to under 15k. I was happy. Then of course i saw this thread and thought...hmmmmm, with a big silent 'H'. And saidQuote:
"Oh no! The Lovely Mods have gotten rid of it! :o"
But if you don't bring them back, then i'll just have to make a screenshot of my footer and save as .gif!!!Quote:
"Maybe this has turned out for the best?"
Bye for now http://board.flashkit.com/board/imag.../2002/02/1.gif
i luv this community, you are always kept uptodate with all the stuff happening and dont have to worry what on earth happened that the footers disappeared....
what a shock - i nearly died a couple of minutes ago ;(
I wouldn't miss the footers if they were gone for good anyways..
Quote:
Originally posted by LanSite
<chokes on coffee> :eek:
hahhahahhahahha <cough, cough>
Gawd, someone mash me on the back
:D
ok!!;).......<rears back a clenched fist as far back as possible...with enormous force applies it to Lannie's back:p>........Was that a good 'mash'?:D
I just posted a new thread asking this question, then i saw this thread, and went back to delete it:D
no need for screenshot,Quote:
Originally posted by ad_mtk2
But if you don't bring them back, then i'll just have to make a screenshot of my footer and save as .gif!!!
Bye for now http://board.flashkit.com/board/imag.../2002/02/1.gif
you could just publish it as a .jpg or .gif
...stealing cookies. sheesh!
Sounds like something we did as children.
So, what kind of cookies?
Grandma used to make us Blackwalnut/chocolate chip cookies.
Yummy, but those were good.
Quote:
Originally posted by buttclencher
hey
pliz give my footer back
i dont have a domain so i dont have remote support for pictures !!
i got to have a flash footer
and u gotta let me have it !!
are u listening mr administrator !!
You have a domain that will host a flash file, but not an image file???
weird
oh **** thats a good idea. have flash go into the users cache and grab the boards stored password info coikie, and upload them somewhere, then ultimatly you could have everyones login and password.
hMMM... ;)
and..how can you prevent that?
that seems easy for a hacker
Pfaffer... stupid... ummm... cookie ppl that steal cookies! Now look what you've done! You made... ummm .... a whatcha macall it... oh ya... one of those angry mob things!
It wasn't, thats why you guys get no flash footers. Quit crying like babies over a footer on a message board somewhere on the internet.Quote:
Originally posted by tiGRAN=-2001
and..how can you prevent that?
that seems easy for a hacker
Who cares about footer anyway?
Ummm... I don't really care about the footers... but I think everyone is going to take that personally... if you see any torches blowing fire your way... step back at least 30 feet... mmmkkkkaaayyyy?
http://board.flashkit.com/board/Quote:
Originally posted by dpark
Ummm... I don't really care about the footers... but I think everyone is going to take that personally... if you see any torches blowing fire your way... step back at least 30 feet... mmmkkkkaaayyyy?
That wont work as i have movie clips flying around the place and they wont show on the footer...unless you know other wise???Quote:
Originally posted by tiGRAN=-2001
I just posted a new thread asking this question, then i saw this thread, and went back to delete it:D
no need for screenshot,Quote:
Originally posted by ad_mtk2
But if you don't bring them back, then i'll just have to make a screenshot of my footer and save as .gif!!!
Bye for now http://board.flashkit.com/board/imag.../2002/02/1.gif
you could just publish it as a .jpg or .gif
You'd think in a nice community like this one there wouldn't be any problems like people stealing other people's cookies.
About the footers, Id like to have the footers stay whether or not their flash really doesn't matter to me, but the footers allow us to personalize our posts. I guess if you already have your title and pic it doesnt matter, however for lil people like me crawling to the top the footer is all I have...
This is a security issue inherent to the functionality of flash, and exists anywhere where a site allows a third party to run a flash movie on their site.
The good thing is flash movies on flashkit can only access cookies from the flashkit domain. So if flashkit want to enable flash footers, it's really an issue over the data flashkit stores in it's cookies, and how this could be used in the wrong hands. I guess some private encryption of the data within the cookies would make it secure, as any accessable data such as username and password would be unreadable to a third party.
Provided it is not possible to create a replica fake cookie from scratch, using data in a real one, (I don't currently know of a way), surely this would solve the problem?
Mike
I miss mine too, but I am learning that nothing is safe out here.
FK? You take all the time you need to!
I'm behind 'ya.
If there are any good programers out there, this might be insriration to help find an answer to this, and other security problems. I wish I could help, but right now, I just don't know how to help, other than to give Flash Kit
All my support in this matter.
Keep up the great work, Flash Kit
wouldnt it be possable to restrict the footers to earlyer versions of flash, flash wont let you use flash 5&6 commands if you publish it for flash 4. If you where to find away to restrict it to befor the actionscript that the bug is comeing from was there I wouldnt think you would have a problem..
other then inforceing it.. even then you could probly make some kind of php script to..
Flash 4 had a getURL though.. It can access javascript. How about after the users sign in, it only sotres their names and wheter they are logged or not, and then passwords are not needed if you have the right cookie under the FK domain? It may require editing of the boards, but nobody could get your password. The problem with encrypting it is that it is used in the password field above ^^^^.
Bespoke encryption on cookie data would work provided it was decrypted server side, and provided it was not possible to fake a cookie. These can normally only be set by the same domain that reads them i.e. flaskkit.com. The encryption would prevent the hacker logging in manually with any cookie data, and by the very nature of cookies he would not be able to use someone else's cookie data to masquerade himself as authenticated.
However I've just released there's a fatal flaw in this plan whereby it is in fact very easy to fake a cookie using someone else's data, so in fact it wouldn't work at all...
The only other possible solution I can think of, which is quite cunning, is to throw up a JavaScript error on the page to prevent all other JavaScript from executing.
That's a terrible solution in practice, but would in theory work :)
Seems removing authentication via cookies is the only logical way forward. I can't see MM doing anything because it's not a bug, and even if they did, the ability to misuse it in this case is already out there.
Mike
Well, seeing as I hadn't myself created or even considered a flash footer, this hasn't quite hit home with me, although I did enjoy seeing what could be done within those confines. Quite impressed was I. And now we've but plain images to go on. Heh but still, anyone trying to thieve cookies by this method has too much free time, in my estimation. Well, good luck on the resolution, and I support FK in their decision here as well.
Later folks,
Joe
I do, why else do you think I come here? Build a good footer, and get loads of people to look at your site, is that not what its all about? Advertising/publicity/communications is the business we're in.
never mind, put in a picture (remember the limitations on size, they still apply) and you can have two lines of text which can still be links to sites you want to show off.Quote:
Originally posted by electrolux3
I do, why else do you think I come here? Build a good footer, and get loads of people to look at your site, is that not what its all about? Advertising/publicity/communications is the business we're in.
If footers to advertise yourself are the only reason you come here, then you are missing out about 99.9% of what this site is about.
So no, that is not what this site is all about. In fact, the footers are probably the most useless part of this site.
People should just forget about them, they are history by the looks of it.
david p.
No it isn't. Flash development is the business I am in. I have a nice job which pays well, I could care less who visits my site. I'm not out for fame, just a comfortable life. ;)Quote:
Originally posted by electrolux3
I do, why else do you think I come here? Build a good footer, and get loads of people to look at your site, is that not what its all about? Advertising/publicity/communications is the business we're in.
well as long as you're alright.Quote:
Originally posted by swampy
No it isn't. Flash development is the business I am in. I have a nice job which pays well, I could care less who visits my site. I'm not out for fame, just a comfortable life. ;)Quote:
Originally posted by electrolux3
I do, why else do you think I come here? Build a good footer, and get loads of people to look at your site, is that not what its all about? Advertising/publicity/communications is the business we're in.
the 99.9% of this site that I'm missing is the 99.9% that I don't want to know about, i've got a low boredom threshold and can just about manage 0.1% of this site- and thats only about once every couple of months
shrug,Quote:
Originally posted by electrolux3
well as long as you're alright.
the 99.9% of this site that I'm missing is the 99.9% that I don't want to know about, i've got a low boredom threshold and can just about manage 0.1% of this site- and thats only about once every couple of months
you're sorely missed.
Maybe Flashkit should just ask you to take out a banner ad and pay for your advertising like other advertisers who have no real interest in the site.
BTW, you will notice that the banners have one advantage over the footers........they still work.
dp
well said that man in the blue hat.Quote:
Originally posted by david petley
BTW, you will notice that the banners have one advantage over the footers........they still work.
dp
I find it hard to believe this isn't an issue that can be resolved without ditching flash footers.
That said, you could always have an approval system.
You submit your desired flash footer with the source and it is qued to be reviewed by the mods at their leisure.
This is one way you could prevent security breaches.
Just an idea.
Quote:
Originally posted by KLTdesigns5869
Quote:
Originally posted by buttclencher
hey
pliz give my footer back
i dont have a domain so i dont have remote support for pictures !!
i got to have a flash footer
and u gotta let me have it !!
are u listening mr administrator !!
You have a domain that will host a flash file, but not an image file???
weird
hehehehehe
the truth is i dont have a domain of mah own !!
mah site is hosted on brinkster !!
and as far as mah knowledge goes brinkster does not have remote support for pictures !!