Jump to content

Sniff notification emails for sessions?

Marcher Technologies

By Marcher Technologies
in Feedback

Recommended Posts

Marcher Technologies Grand Master

Marcher Technologies

Posted
Posted

Simple suggestion to tighten security.
Say a member posts a url with a session id in it(happens too often here).
Say another member has subscribed for email notification of that topic.
An edit(if even done) is too late... the emails already either queud to send or Sent.
Is it not viable to "sniff" the post for session id links and remove the url session id bit?

Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

Can you point out the specific emails where this happens? In 9/10 cases when we build an email, we use the board_url variable and manually build the full url, or we if we are building a FURL we use "publicNoSession" to ensure no session is added to the URL emailed to everyone. If any emails are including a URL, I would consider that a bug, but would need to know specifically which emails are a problem.

Link to comment
Share on other sites
Marcher Technologies Grand Master

Marcher Technologies

Posted
  • Author
Posted

Can you point out the specific emails where this happens? In 9/10 cases when we build an email, we use the board_url variable and manually build the full url, or we if we are building a FURL we use "publicNoSession" to ensure no session is added to the URL emailed to everyone. If any emails are including a URL, I would consider that a bug, but would need to know specifically which emails are a problem.



as the email itself contains the session hotlink to acp, i have pmed it directly to you rather than place it in open.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Upcoming Events

    No upcoming events found
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...