Button insecurity

Since my last post about this got reaped, I'll try again without mentioning anyone by name.

When someone is ignored, there should be a pop-up, or some kind of obvious notification to make sure the ignorer knows he ignored someone. It's possible to put a button on your home node that makes you ignore someone, and in at least one case, someone put a button too close to a random image link that people press over and over.

This is only one security problem with Perl Monks. Actually, before fixing that, the cookie problem should be fixed, if that one still exists. It allows you to log on as another user if you get someone to click your button. Did that ever get fixed?

And how about some guideline that says to keep the redeemable part of a reaped post, assuming there's a largely redeemable part? That would have prevented some of my posts from being totally reaped.

Comment on Button insecurity

Replies are listed 'Best First'.
Re: Button insecurity by castaway (Parson) on Sep 18, 2004 at 19:18 UTC
To answer your points: 1) This would produce quite a few pop-ups for those that actually use ignore, and doesnt sound very practical to me. There is a way of finding out who you are ignoring: ignored users, so if you think you're ignoring someone you don't want to, look there. 2) You've misunderstood the problem here. Nobody steals your cookie, or logs in as you. You clicking the link causes your browser to send a query to PerlMonks requesting it to do something for you. 3) Sorry, but I don't agree. If people want to present their problems/complaints in a sensible and non-whiny, non-attacking manner, like this one, we'll listen. Else, it just looks like blowing off steam, and will be ignored. My reccommendation: Think before you post, think about your readers, and what you want them to think of you. How would you perceive your posts? C.	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Button insecurity by eric256 (Parson) on Sep 18, 2004 at 20:03 UTC
Once agian, your own home node makes use of such buttons. Perhaps you should lead by example and not make use of such things. Instead make your home node a warning to others about the possibly malicious uses of buttons and javascript that some people might use on their home nodes. This would certainly lend your argument more credence. Advocate safe surfing habits instead of trying to limit what monks can or cannot do with there home nodes. Everyone should know that homenodes HTML is created by the user and can therefor be used for good or evil purpouses. I for one don't care for a the big brother theme of controlling every aspect. If you want to educate people on how to be safe while surfing then internet that would be a true service to the community and instead of just pointing to problems you would be helping fix them. ___________ Eric Hodges	[reply]
Re: Button insecurity by CountZero (Bishop) on Sep 19, 2004 at 09:53 UTC
The whole idea of ignoring someone is not getting bothered by him/her. A pop-up would really defeat this purpose. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Button insecurity by Fineous_Fingers (Novice) on Sep 20, 2004 at 20:35 UTC
I think that pushing any button without first examining it's programming is just irresponsible. If someone wanted to put an Ignore Fineous button on their home node, labeled or not, I would consider that to be one of the most Innocuous things one could do.	[reply]
Re: Button insecurity by Anonymous Monk on Oct 02, 2004 at 07:25 UTC
You should lead example	[reply]


Welcome to the Monastery
	PerlMonks