some question about the website

Started by inghippo, April 15, 2014, 06:55:14 PM


inghippo

Hello there,

I'm kind of new here and just have some questions about the website.
I checked the robots.txt here https://elliquiy.com/robots.txt and found that there is a chat here https://elliquiy.com/forums/chat/.
This chat polls https://elliquiy.com/forums/chat/?ajax=true, where there's an XML that prints data about the users in the chat, including the user id and role.
Is this a security issue? I know it's blocked in robots.txt but it's easy for anyone to find...

Another thing I've seen: if you add ";wap2" to the URL you get a "wap version" of the website, pretty cool!

Vekseid

The reason it's in robots.txt is because some bots tend to handle it rather poorly.

inghippo

Hello Vekseid,

I see the reason for robots.txt.
I think I didn't explain well what I was trying to say. Sorry.

What I meant is that in the XML of the chat there are the user account ids; I've seen that on the website the user account id is used in the URL as ";u=accountid".
I think there are server-side checks so another user cannot read something that is not for them, and the chat is just for logged-in users, so there will probably not be any threat.

When I have done similar solutions with polling, I normally encrypt the user id just to make it less understandable for humans. But it depends a lot on the level of security you need to keep.

Anyway, thanks for your time and your answer!