Page Index Toggle Pages: [1] 2 3  Send TopicPrint
Very Hot Topic (More than 25 Replies) It happened again - SP1.4 (Read 17547 times)
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
It happened again - SP1.4
Nov 26th, 2004 at 5:39pm
Print Post  
Yesterday yabbforum.com has released another security bugfix release of YaBB, this time it's called SP1.4. The biggest change is that the cookie-based login system has been turned into a session-based one. A complete changelog and the download link can be found here.
  

The Administrator.
Back to top
WWW  
IP Logged
 
Max Shanly
New Member
*
Offline



Posts: 42
Joined: Sep 28th, 2004
Gender: Male
Re: It happened again - SP1.4
Reply #1 - Nov 26th, 2004 at 5:46pm
Print Post  
and guess what... it's produced even more bugs... w00t!
  
Back to top
 
IP Logged
 
Administrator
Forum Administrator
*****
Offline


Yummm

Posts: 7
Location: Modders Rile
Joined: Oct 7th, 2014
Gender: Male
Re: It happened again - SP1.4
Reply #2 - Nov 26th, 2004 at 5:48pm
Print Post  
What do you mean? Are you talking about the "staying logged in" problems?
  

The Administrator.
Back to top
WWW  
IP Logged
 
Max Shanly
New Member
*
Offline



Posts: 42
Joined: Sep 28th, 2004
Gender: Male
Re: It happened again - SP1.4
Reply #3 - Nov 26th, 2004 at 6:10pm
Print Post  
Yep...
  
Back to top
 
IP Logged
 
Kong
God Member
*****
Offline


Is it just me or is my
back hairy???

Posts: 858
Joined: Aug 2nd, 2002
Gender: Male
Re: It happened again - SP1.4
Reply #4 - Nov 26th, 2004 at 10:11pm
Print Post  
How is that a bug?

Looks more like a side effect of a security feature that affects dialup users and anyone with cheap internet. Wink

When it comes to the session id protection the main thing i'm wondering is whether or not SP1.4 is compatible with password_security_sp1.3.mod.

Ron released a mod in Spetember that does this but I think its not compatible.

mimit wrote on Sep 28th, 2004 at 6:14pm:
Nice mod  Cheesy
Thanks Ron  Wink

Just a question, it is compatyble with the encrypt password mod?

Quote:
Mmmm.... don't know I only encrypt the password that is in the cookie different so definitely not.

Anyone know for sure?
  


Back to top
 
IP Logged
 
Max Shanly
New Member
*
Offline



Posts: 42
Joined: Sep 28th, 2004
Gender: Male
Re: It happened again - SP1.4
Reply #5 - Nov 27th, 2004 at 7:59am
Print Post  
I have BroadBand... and it still happens to me... ohwell... someone *me* will have to find away to tackle it...

The Linspired
  
Back to top
 
IP Logged
 
Kong
God Member
*****
Offline


Is it just me or is my
back hairy???

Posts: 858
Joined: Aug 2nd, 2002
Gender: Male
Re: It happened again - SP1.4
Reply #6 - Nov 27th, 2004 at 10:31am
Print Post  
You can still have broadband and have a dynamic IP address.
  


Back to top
 
IP Logged
 
Max Shanly
New Member
*
Offline



Posts: 42
Joined: Sep 28th, 2004
Gender: Male
Re: It happened again - SP1.4
Reply #7 - Nov 27th, 2004 at 10:50am
Print Post  
I know that, the problem is that it is just a annoying feature. Which is in SP2 but doesn't have the same problems as SP 1.4.

Linspired
  
Back to top
 
IP Logged
 
JetLi
Guest


Re: It happened again - SP1.4
Reply #8 - Nov 27th, 2004 at 10:15pm
Print Post  
Hi
is this for Server Version?

Greets
JetLi
  
Back to top
 
IP Logged
 
BillBSET
God Member
*****
Offline


Ignorance can be fixed,
Stupid is Forever

Posts: 698
Location: Monkey Island
Joined: Sep 19th, 2003
Gender: Male
Re: It happened again - SP1.4
Reply #9 - Dec 1st, 2004 at 9:19am
Print Post  
I know that this is a security issue...

But are many upgrading??  anyone??

Over at YaBBForums there was a recommendation to
only check the first part of the IP to allow AOL users to stay logged in on each click..  no reply to that yet...

You know I have learned so much from all the people here and
was just wanting to know what most are recommending and what
others are doing...??
  


After you eliminate all of the possibilities,
whatever is left, no matter how seemingly impossible,
must be the truth.


Back to top
WWW  
IP Logged
 
Kong
God Member
*****
Offline


Is it just me or is my
back hairy???

Posts: 858
Joined: Aug 2nd, 2002
Gender: Male
Re: It happened again - SP1.4
Reply #10 - Dec 1st, 2004 at 9:58am
Print Post  
I have thought about it and am still thinkign about it.  When i actually get around to it will I upgrade?  I don't know.

I like the idea of better security but for alot of people this may be a problem.  Now, when I say alot I mean, there are lots of people ou there who use AOL or similar ISPs.  Most of the people at 3DXL tend to get good internet and dont' have this problem but fo the people who do it's something major.

I had a guy I know who uses AOL goto 3DXL and i checked the server log to see if and when his IP changed.

The 3DXL layout uses lots of small images and a number of files and scripts called via SSI.  For each image and page loaded when going to the sites front page his ip address changed for each of them.

Down the list it was something like...

123.123.23.12
123.123.23.13
123.123.23.10
123.123.25.12
123.123.23.9
123.123.23.11

And so on.

I personally wouldnt' want to keep people from use the forums, then again most 3DXL users have good internet, so I am not sure. Cheesy
  


Back to top
 
IP Logged
 
Curtiss Grymala
God Member
*****
Offline


YaBB?... Y Not?

Posts: 1314
Joined: Apr 12th, 2004
Gender: Male
Re: It happened again - SP1.4
Reply #11 - Dec 1st, 2004 at 11:32am
Print Post  
I have not upgraded to 1.4.  I did quite a bit of work upgrading to 1.3.2 and got everything working almost exactly the way I wanted it to.  I'm not all that concerned about the security issues, myself, as I realize that, with the community at which my site is aimed, no amount of security features could really stop hackers if they set their minds to it.  That's why I simply do a back-up of my entire site every day, into alternating directories (so as not to overwrite a good back-up with a possibly bad back-up).  I am really not sure I will be upgrading to 1.4 at all.  Maybe I'll upgrade when 1.4.1 comes out.
  

Currently using Y2.3 With no mods (though that will hopefully change, soon).

Click Here To See A List Of All The Mods I've Written
Back to top
WWW  
IP Logged
 
Romplayer
Full Member
***
Offline


Do you know the Muffin
Man?

Posts: 216
Location: Augsburg
Joined: Oct 22nd, 2003
Gender: Male
Re: It happened again - SP1.4
Reply #12 - Dec 1st, 2004 at 1:28pm
Print Post  
What's that? Destroying "Always stay logged in" called a good thing?
No way, I won't install this!
How often does it happen that a hacker gets a password through the cookies? Well, staying logged in is much more important than that!
What do I care if somebody knows a password?
No, no. That's just silly.
  
Back to top
WWWICQ  
IP Logged
 
Tea-Master
Forum Administrator
*****
Offline



Posts: 1945
Location: north germany
Joined: Oct 21st, 2001
Gender: Male
Re: It happened again - SP1.4
Reply #13 - Dec 2nd, 2004 at 8:36am
Print Post  
well if someone knows a password from a moderator or an admin he can (and will?) destroy your forum or write things in your name!! I do care!!
If you don't make daily backups you will loose a lot.
Also... are you using your password for other things like your email etc? Then have fun seeing an empty inbox and a lot of spam mails sent by "you"...
Admitted it doesnt happen very often that someone wants to steal your password and knows how. But if you have a dispute with someone it could happen fast.

However this login problem is indeed a serious issue. But it was never planned to work like this... so you can be relatively sure that there will be an update with a fix. AFAIK Admins will still have to login more often but other users not.
  
Back to top
WWW  
IP Logged
 
Romplayer
Full Member
***
Offline


Do you know the Muffin
Man?

Posts: 216
Location: Augsburg
Joined: Oct 22nd, 2003
Gender: Male
Re: It happened again - SP1.4
Reply #14 - Dec 2nd, 2004 at 9:21am
Print Post  
What about a checkbox so that you can enable or disable that feature?
  
Back to top
WWWICQ  
IP Logged
 
Page Index Toggle Pages: [1] 2 3 
Send TopicPrint