Hi,

Why you don't insert the YouTube(Google)Video, Media Player and FLASH in EDITOR as others board?

Why We must install the mods for this?

It must be original on IPB :whistle:

+1 should be great !

-1 because of security risks

-1 because of security risks

Also BIG -1... It could make the board more exploitable...

Also BIG -1... It could make the board more exploitable...

The Security Patch(Code)s do what?
They must be SECURLY before of course...

+1

Thousands of forums have these mods on, and there haven't been any news of exploits that l've seen.


:thumbsup:

All these -1 due to security flaw potential, yet why do so many sites override that to make them work? I'm sure there could be a way to view them and still be secure?

It's not going to happen. It would open up many potential CRSF / XSS attacks.

It's not going to happen. It would open up many potential CRSF / XSS attacks.

And there's abolsutely no way around this?

Such a needed feature. :unsure:

The Security Patch(Code)s do what?

They must be SECURLY before of course...

Nope, Flash is a very good way to run lots of bad code, and IPB can't re-program flash :P

I would say this is easily left to bbcodes

It's my understanding that that was what the author of this thread was asking for, that the BB Code was included, and a button added to the editors.

<_<

It's my understanding that that was what the author of this thread was asking for, that the BB Code was included, and a button added to the editors.

<_<

Uh, no, Brandon's saying that this can already be accomplished with custom BBCodes, as can a whole host of other things which might put your site in danger of being exploited :rolleyes:

Here is a quick Custom BBCode for YouTube.

Now I am sure there is an easier way, but oh well.

Custom example: _isVdeRwnus

Custom tag:

Option? No

Custom BBCode Replacement:

<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/{content}"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/{content}" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>

------------

Here is a YouTube video link:
http://youtube.com/watch?v=_isVdeRwnus


You would just have to have them put in whatever was after:

http://youtube.com/watch?v=

Which in this case is:
_isVdeRwnus

Uh, no, Brandon's saying that this can already be accomplished with custom BBCodes,

as can a whole host of other things which might put your site in danger of being exploited

:rolleyes:

Brandon mentioned nothing about "a whole host of other things which might put your site in danger of being exploited"

He said .. "I would say this is easily left to bbcodes - even custom bbcodes can accomplish this."

It was this remark I answered, referring to TurXaliM's original post.

:cool:

I did, indeed, mean custom bbcodes - or modifications that add new bbcodes (including buttons). There are certainly going to be a large enough portion of users that don't want the bbcode that would make it better left not as a default item.

@Keith:
How safe is that method? Being as you're forcing Youtube.com it's pretty safe, no?

@Keith:

How safe is that method? Being as you're forcing Youtube.com it's pretty safe, no?

I would say it is pretty safe... but then again, it is only as safe as HTML allows it to be. I cannot vouch for any security of this BBCode, as I made it in around 2 minutes. :D

as I made it in around 2 minutes. :D

:thumbsup: It's Super...
And for Media Player of the Windows?
It's safe also, i think... :unsure:

:thumbsup: It's Super...

And for Media Player of the Windows?

It's safe also, i think... :unsure:

I think the issue is that with a regular WMP one you can direct it to ANY media, including dangerous ones.

I really wish I had a big fluffy bat that I could smack people with, having video attachtments on a page, is something I hate and think its really good staff agree that this sort of requested feature is a huge security risk.

Till the internet is not a hostile place, I see no need for this feature, at least not till a more secure type of linkage at least.

In 5 years, when security is better ( I hope ), then I will support this feature in products like IPB

I really wish I had a big fluffy bat that I could smack people with, having video attachtments on a page, is something I hate and think its really good staff agree that this sort of requested feature is a huge security risk.

Till the internet is not a hostile place, I see no need for this feature, at least not till a more secure type of linkage at least.

In 5 years, when security is better ( I hope ), then I will support this feature in products like IPB

With the big fluffy bat it seems you're contributing to the "hostility" of the internet :D

I think the issue is that with a regular WMP one you can direct it to ANY media, including dangerous ones.

Mmmhmm, biggest problem is the flawed implementation of WMDRM License Acquisition. In fact, a while ago the recording industry came under fire for placing spyware in the license acquisition process for media files on the P2P networks. Frighteningly enough, Windows Media Player's license acquisition process runs at an even higher level than most IE windows and leaves all sorts of gates wide open for virii and spyware.

If you do this, be sure you know what you're getting yourself and your viewers into.

This thread just goes to show how many op kiddies there are still around. Hopefully though their boards will die an agonising death through lack of activity and the internet will once again be ruled by those of us who know what we're doing and/or have at least half a brain cell to play with.

This thread just goes to show how many

op kiddies

there are still around. Hopefully though their boards will die an agonising death through lack of activity and the internet will once again be ruled by those of us who know what we're doing and/or have at least half a brain cell to play with.

I'm confused as to who you're attacking here... those willing to install security risks on their forum just for the sake of having mods (which don't represent all mod users, some are very careful which mods they install)? Or those who wont install a modification because they're pretty sure it poses a risk?