Thread: Patches and Fixes

  1. #1
    Didn't try, Succeeded Fay V



    Weasyl
    Fayv
    Join Date
    Jun 2012
    Posts
    1,379

    Patches and Fixes

    Last edited by Fay V; 11-15-2012 at 05:17 PM.

  2. #2
    Oh, I like this sort of post! Very informative and it shows how much effort is going into the site.

    I was pleasantly surprised when this didn't say "We fixed some bugs etc. kthx"

    Keep up the good work!

  3. #3
    It's not so much a bug, but more of a security bugbear that I can see.

    In the "Sent Invitations" page, you have a list of emails readily readable. If in the event one account is compromised and the user gets to that page, multiple other accounts can be targeted.

    Personally I would try to distort the email addresses from view (partial obscure).

  4. #4
    Premium User Temrin

    Weasyl
    Temrin
    Join Date
    Jul 2012
    Location
    Vancouver, BC, Canada
    Posts
    167
    I can definitely agree with Vitani. I remember doing that kind of stuff in college. Telling the code to parse from "this" to "this" and how tedious it was. But I do agree that perhaps having it show only from the first letter to the @ sign would help. Or when inviting someone, have a name field for us to put in, and that is what shows on the invite page. Something like that.

  5. #5
    Quote: Originally Posted by Temrin
    I can definitely agree with Vitani. I remember doing that kind of stuff in college. Telling the code to parse from "this" to "this" and how tedious it was. But I do agree that perhaps having it show only from the first letter to the @ sign would help. Or when inviting someone, have a name field for us to put in, and that is what shows on the invite page. Something like that.
    My apologies if my message was somewhat short and disjointed, but I was short on time to write it earlier.

    I'm no security expert, and I don't claim to be, but having studied security before I've seen how important it could be.

    I agree with your point about obscuring the domain name, it then leaves literally hundreds of possible combinations of generic email providers (hotmail, yahoo, gmail and the like) but then there are a fair few others who have email addresses on personal domains. So the chances of access are reduced further.

    One further change I would make is to change the @ to [at] (even though it's not an actual link, it still stops harvesters from scanning the page for it; well, reduces the success rate at least).
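
The suggestions in posts #3 to #5, combined into one server-side display helper. This is an added example, not part of the thread and not the site's own code; the function names, the `***` placeholder and the sample addresses are assumptions made for illustration.

```python
import html

HIDDEN = "***"  # assumed placeholder shown in place of the withheld part


def mask_email(address):
    """Keep the part before the @, write the @ as [at], drop the domain."""
    address = (address or "").strip()
    # The domain is whatever follows the LAST "@", so a quoted local part
    # that itself contains "@" cannot cause the real domain to be shown.
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        # Not a usable address: show nothing rather than echo it back.
        return HIDDEN
    return f"{local} [at] {HIDDEN}"


def invite_display(address, label=None):
    """Text for one row: the inviter's own name for the invitee, else the mask."""
    label = (label or "").strip()
    text = label if label else mask_email(address)
    # Both values are user-supplied, so escape them before they reach the page.
    return html.escape(text)


def render_sent_invitations(invites):
    """Build the list on the server; full addresses never enter the markup."""
    rows = [f"<li>{invite_display(addr, label)}</li>" for addr, label in invites]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


# Constructed sample data (not taken from the site).
SAMPLE = [
    ("alice@example.com", None),
    ("bob@mail.example.org", "Bob from the con"),
    ('"odd@name"@example.net', None),
    ("not-an-address", None),
    ("<b>x</b>@example.com", None),
]

if __name__ == "__main__":
    print(render_sent_invitations(SAMPLE))
```

The masking has to happen before the page is generated: hiding the domain with CSS or script would still leave the full address in the page source.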

 

 
