
Topic: some question about the website


inghippo (Topic starter)

some question about the website
« on: April 15, 2014, 06:55:14 PM »
Hello there,

I'm kind of new here, and I have some questions about the website.
I checked the robots.txt here and found that there is a chat here.
This chat polls a location where there's an XML that prints data about the users in the chat, including the user ID and role.
Is this a security issue? I know it's blocked in robots.txt but it's easy for anyone to find...

Another thing I've seen: if you add ";wap2" to the URL you get a "WAP version" of the website, pretty cool!

Vekseid

Re: some question about the website
« Reply #1 on: April 15, 2014, 07:50:34 PM »
The reason it's in robots.txt is because some bots tend to handle it rather poorly.

inghippo (Topic starter)

Re: some question about the website
« Reply #2 on: April 16, 2014, 03:27:38 AM »
Hello Vekseid,

I see the reason for robots.txt.
I think I've not explained well what I was trying to say. Sorry.

What I meant is that in the XML of the chat there are the user account IDs; I've seen that on the website the user account ID is used in the URL as ";u=accountid".
I think there are server-side checks so another user cannot read something that is not for them, and the chat is just for logged-in users, so there will probably not be any threat.

When I have done a similar solution with polling, I normally encrypt the user ID just to make it less understandable for humans. But it depends a lot on the level of security you need to keep.

Anyway, thanks for your time and your answer!