4images Forum & Community

4images Issues / Ausgaben => Feedback & Suggestions => Topic started by: martrix on April 01, 2005, 10:02:27 AM

Title: Sessionid if posting a link to gallery
Post by: martrix on April 01, 2005, 10:02:27 AM

For your own security:
if you post links to your gallery, do not include the "sessionid=asdfadfagagagfadfasd" string in there.
Because if someone uses that link as long as the session is still "active" on the server, the visitor (following that link) gets "logged-in" as YOU!
If it was a session, in which you were logged-in as admin, then you could get in real trouble.  :wink:

2 Jan, V@no and Co.:

---

Shouldn't this be included in the MUST READ guidelines?
Just think, that it could cause big problems, if somebody missuses that...

---

have fun

Title: Re: Sessionid if posting a link to gallery
Post by: RoadDogg on April 01, 2005, 10:40:13 AM

translation / Übersetzungen

Achtet beim Erstellen von Beiträgen, dass Links zu eurer Galerie keine SessionID mit sich führen. Zu erkennen an dem sessionid=acdfsdsfdgdrtddfdf (am Ende des Links).
Sollte jemand diesem Link benutzen, so lange die SessionID noch aktiv ist (und ihr eingeloggt ward), ist derjenige mit eurem Account eingeloggt (idR dann als Admin).

Title: Re: Sessionid if posting a link to gallery
Post by: martrix on April 03, 2005, 01:34:13 PM

Danke RoadDogg... konnte das ja auch gleich inkl. der deutschen Sprache posten  :oops:

Title: Re: Sessionid if posting a link to gallery
Post by: TheOracle on August 30, 2005, 04:02:05 PM

This has been corrected in the bug fixes section of the forum recently.