Mark
-
Posts
36,220 -
Joined
-
Last visited
-
Days Won
114
Content Type
Downloads
Release Notes
IPS4 Guides
IPS4 Developer Documentation
Invision Community Blog
Development Blog
Deprecation Tracker
Providers Directory
Projects
Release Notes v5
Invision Community 5 Bug Tracker
Forums
Events
Store
Gallery
Everything posted by Mark
-
For the signature issue: that's a known bug. You need to run an SQL query on the posts table (I think it's the use_sig column needs to be set to 1). For the login issue: you shouldn't have uninstalled the converter app. The converter application keeps a record of the conversion, so when you log in, the authentication logic sees you ran a conversion, and applies the correct login function for the software you converted from. But when you uninstall an application, all it's data is deleted.
-
I'm glad your overall impression of the converters is positive :) For those couple of issues - could you send in a ticket? I've not heard of those happening before, but if I have access to the site I can work out what happened and touch up the converters if need be. Just ask for it to be sent over to the conversions department and it will find it's way to me. As for passwords, they definitely should be working, again, a ticket will allow me to fix that.
-
Calendar as seperate application akin to gallery/blog
Mark replied to Andy Millne's topic in Feedback
Technically, since 3.0, it is a separate application - when you install IPB for the first time, it asks you if you want to install it, which you can decline. The reason it is shipped with IPB is because it's always been there. It would be unfair to start charging for something which was previously free :) As for it 'taking a back seat' - I guess it's got to a point where there's not much more we can do with it. By all means, if you have suggestions for it, we'd love to hear them :) -
[quote name='G
-
I think some people tend to forget that the bug tracker is for reporting bugs and nothing more. Some people read through the tracker regularly and turn the reports into discussions - that's really not what the bug tracker is for. If you are experiencing an issue that is critical to the running of your board, then submit a ticket and we'll do the best we can to resolve the problem. It would be far too time consuming to expect the developers to post a fix for every issue.
-
It depends when you purchased your license. Best thing to do is send the sales department a ticket.
-
[quote name='G
-
What you're suggesting is basically the browser signature technique. While it's not necessarily a bad idea, it by no means mitigates all possibilities of session hijacking. While browser headers generally remain constant for the same user, and are relayed between proxies and gateways, it's not something that can be fundamentally relied upon. Also, it is possible for two users to have an identical signature, and a proxy may normalise the header values, making the check pointless in some cases. Also, the attacker could just make the user's browser submit a request to their own server, at which point they could capture the header values and manipulate what their browser is sending (a feat which is much easier than it sounds with a bit of social engineering). Like I say, it's not a bad idea, it just won't improve security as much as it sounds like it might when you first hear the idea. And there's certainly no immediate threat that needs to be patched anyway.
-
Sessions are used on pretty much any PHP-powered website and there is no fundamental security vulnerability in their use. That in the URL is just the session ID, and is IP matched. While things like browser signature checks could be added; they do not really add any security benefit. Obviously, you would never give out a URL to a page in your ACP ;)
-
IPB3.0.x: Ridiculous PM notification boxes when you get a long PM
Mark replied to John Swallow's topic in Feedback
The message used to be truncated in 2.x, but the problem was, if the message is truncated, BBCode has to be disabled (otherwise you risk a closing tag being truncated and messing up the entire page) - people said they didn't like this behaviour as if a message was heavily formatted, you just got a notification of BBCode tags. -
It's apples and oranges though, for example, the Standard license doesn't include telephone support while the Perpetual and Lifetime did and that is still honoured.
-
Yes, sorry, my point was it was something most people will never need to do, and if you ever do need to, it would only ever be once or twice. If the option to do it was public, then it could possibly be abused by people trying to have multiple boards on one license or what have you. It takes only a few clicks for someone to do it through a ticket, and allows us to make sure people are getting rid of the old installation before it's changed to the new location.
-
If you need to change your license URL you'll have to contact account assistance. Really, you should never need to change it.
-
Yes, but that would mean that the elevated privileges account would be used before the user authenticates as an admin.
-
But how would the system know if a user is in the ACP before it initiates the database connection? It has to check the admin_sessions table to verify if a user is in the ACP.
-
The main point of the Business license is phone support. Almost every ticket is answered in under 24 business hours: Standard or Business license. Anyone requiring faster response times than is offered by our Business license can always get a custom service.
-
piracy@invsionpower.com
-
Send in a ticket from the client area. It will ask you for your license URL before it allows you to submit tickets, that's just asking you where the board is installed (or in your case, where it will be installed) so that our technciains can locate your site when you send in a ticket :)
-
The bug tracker statuses and severities are for our reference, and mean different things in different projects ;) Basically, it's pointless to "confirm" a bug in that category, as you would in say, the IPB category. If a bug is confirmed in IPB, it means a developer was able to reproduce the problem locally... in the website category, there's only one site, so we don't need to reproduce locally ;)
-
Indeed, but not every browser has implemented all of the specifications yet. Hence why it works on some browsers but not others :)
-
Skins are cached to files anyway. While it would be technically possible, it wouldn't be all that fast as you'd have to be setting up and querying two databases on every page load instead of one.
-
Especially as this sort of thing requires a member of management to deal with - otherwise I would have of course done it myself :)
-
Today is a Sunday. While staff are available over the weekend, it's limited, and I doubt anyone will be around after 7.30pm ;) I would expect someone will get back to you on Monday.
-
/index is the default page - it's not "duplicate", it's just the default page, and thus accessible from the domain as well as it's actual location. Much like google.com and google.com/index.html
