Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted October 18, 200618 yr Hi,Why you don't insert the YouTube(Google)Video, Media Player and FLASH in EDITOR as others board?Why We must install the mods for this?It must be original on IPB :whistle:
October 18, 200618 yr -1 because of security risksAlso BIG -1... It could make the board more exploitable...
October 18, 200618 yr Also BIG -1... It could make the board more exploitable...The Security Patch(Code)s do what?They must be SECURLY before of course...
October 18, 200618 yr +1Thousands of forums have these mods on, and there haven't been any news of exploits that l've seen. :thumbsup:
October 18, 200618 yr All these -1 due to security flaw potential, yet why do so many sites override that to make them work? I'm sure there could be a way to view them and still be secure?
October 18, 200618 yr Community Expert Management It's not going to happen. It would open up many potential CRSF / XSS attacks.
October 18, 200618 yr It's not going to happen. It would open up many potential CRSF / XSS attacks.And there's abolsutely no way around this? Such a needed feature. :unsure:
October 18, 200618 yr The Security Patch(Code)s do what?They must be SECURLY before of course...Nope, Flash is a very good way to run lots of bad code, and IPB can't re-program flash :P
October 18, 200618 yr I would say this is easily left to bbcodesIt's my understanding that that was what the author of this thread was asking for, that the BB Code was included, and a button added to the editors. <_<
October 18, 200618 yr It's my understanding that that was what the author of this thread was asking for, that the BB Code was included, and a button added to the editors. <_<Uh, no, Brandon's saying that this can already be accomplished with custom BBCodes, as can a whole host of other things which might put your site in danger of being exploited :rolleyes:
October 18, 200618 yr Here is a quick Custom BBCode for YouTube.Now I am sure there is an easier way, but oh well.Custom example: _isVdeRwnusCustom tag: Option? NoCustom BBCode Replacement:<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/{content}"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/{content}" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>------------Here is a YouTube video link:http://youtube.com/watch?v=_isVdeRwnusYou would just have to have them put in whatever was after: http://youtube.com/watch?v=Which in this case is:_isVdeRwnus
October 18, 200618 yr Uh, no, Brandon's saying that this can already be accomplished with custom BBCodes, as can a whole host of other things which might put your site in danger of being exploited :rolleyes:Brandon mentioned nothing about "a whole host of other things which might put your site in danger of being exploited"He said .. "I would say this is easily left to bbcodes - even custom bbcodes can accomplish this."It was this remark I answered, referring to TurXaliM's original post. :cool:
October 18, 200618 yr I did, indeed, mean custom bbcodes - or modifications that add new bbcodes (including buttons). There are certainly going to be a large enough portion of users that don't want the bbcode that would make it better left not as a default item.
October 18, 200618 yr @Keith:How safe is that method? Being as you're forcing Youtube.com it's pretty safe, no?
October 18, 200618 yr @Keith:How safe is that method? Being as you're forcing Youtube.com it's pretty safe, no?I would say it is pretty safe... but then again, it is only as safe as HTML allows it to be. I cannot vouch for any security of this BBCode, as I made it in around 2 minutes. :D
October 18, 200618 yr as I made it in around 2 minutes. :D :thumbsup: It's Super...And for Media Player of the Windows?It's safe also, i think... :unsure:
October 18, 200618 yr :thumbsup: It's Super...And for Media Player of the Windows?It's safe also, i think... :unsure:I think the issue is that with a regular WMP one you can direct it to ANY media, including dangerous ones.
October 18, 200618 yr I really wish I had a big fluffy bat that I could smack people with, having video attachtments on a page, is something I hate and think its really good staff agree that this sort of requested feature is a huge security risk.Till the internet is not a hostile place, I see no need for this feature, at least not till a more secure type of linkage at least.In 5 years, when security is better ( I hope ), then I will support this feature in products like IPB
October 19, 200618 yr I really wish I had a big fluffy bat that I could smack people with, having video attachtments on a page, is something I hate and think its really good staff agree that this sort of requested feature is a huge security risk.Till the internet is not a hostile place, I see no need for this feature, at least not till a more secure type of linkage at least.In 5 years, when security is better ( I hope ), then I will support this feature in products like IPBWith the big fluffy bat it seems you're contributing to the "hostility" of the internet :D
October 19, 200618 yr I think the issue is that with a regular WMP one you can direct it to ANY media, including dangerous ones.Mmmhmm, biggest problem is the flawed implementation of WMDRM License Acquisition. In fact, a while ago the recording industry came under fire for placing spyware in the license acquisition process for media files on the P2P networks. Frighteningly enough, Windows Media Player's license acquisition process runs at an even higher level than most IE windows and leaves all sorts of gates wide open for virii and spyware.If you do this, be sure you know what you're getting yourself and your viewers into.
October 19, 200618 yr This thread just goes to show how many op kiddies there are still around. Hopefully though their boards will die an agonising death through lack of activity and the internet will once again be ruled by those of us who know what we're doing and/or have at least half a brain cell to play with.
October 19, 200618 yr This thread just goes to show how many op kiddies there are still around. Hopefully though their boards will die an agonising death through lack of activity and the internet will once again be ruled by those of us who know what we're doing and/or have at least half a brain cell to play with.I'm confused as to who you're attacking here... those willing to install security risks on their forum just for the sake of having mods (which don't represent all mod users, some are very careful which mods they install)? Or those who wont install a modification because they're pretty sure it poses a risk?
Archived
This topic is now archived and is closed to further replies.