Ocean West

You could also use CloudFlair to combat intense attacks. 

You could also use CloudFlair to combat intense attacks. 

During upgrading can we please change the Username/Password fields (what ever mechanism) to allow use of 1Passowrd.  Ideally add ability to sing in using Apple/FB/Google? 
 

The reality is, the more you use, the more secure it is. 

I have created a ticket on this for you, so we can take a close look

https://www.theregister.com/2023/05/23/meta_giphy_sale/ 
Interesting read. 

Can you please adjust the tags or IDs or whatever is needed so that this page will work with 1Password. 
https://developer.1password.com/docs/web/compatible-website-design/

Can you please adjust the tags or IDs or whatever is needed so that this page will work with 1Password. 
https://developer.1password.com/docs/web/compatible-website-design/

Can you please adjust the tags or IDs or whatever is needed so that this page will work with 1Password. 
https://developer.1password.com/docs/web/compatible-website-design/

lol, I leave mine on I am instantly able to see they are spammers and then ban them no real user seems to ever fill out their profile to such completeness. 

You've been here before 😉 

I'd be more concerned about sending webhooks to a US-based company there is a lot of PII in there including all profile info if they provided such as email, gender, birthday, full name, and all profile fields even if we disallow showing them publicly their profile.

 

I'd be more concerned about sending webhooks to a US-based company there is a lot of PII in there including all profile info if they provided such as email, gender, birthday, full name, and all profile fields even if we disallow showing them publicly their profile.

 

That would be true if IPS was using a physical drives and servers, etc.  IPS uses clustered services and does not rely on a single database, etc.  There are multiple read/write clusters that exist.  Also in the event of a disaster, there are multiple types of backups of the data (ones designed to be retrieved quickly, and others that are designed for "OMG THE WORLD IS ENDING" scenarios).
There's not much of a chance of needing to resort to a data recovery service.  🙂 

I can assure you that we do not have physical drives or servers.

That would probably slow things down as you need to keep multiple DB connections open and less chance of using joins, etc.

I don't know the performance barriers to SQL databases but my thought was more a separation of concerns. Would it be better to have separate DB file for say all marketplace apps? vs modifying core files? I am sure I have database detritus of columns from old stuff that just keeps hanging around. 

I am finding I have a lot of "custom" Friendly URLs that have the "revert" option - I've screen shot a few and reverted them and they look identical not sure if this was just legacy stuff that never got a second look.

There should be ACP log for when things are enabled or disabled - especially as part of a bulk operation. Using the ACP support feature to disable or by SOP by IPS when reviewing tickets use of this will disable apps / plugins and advertisements. Having a timestamped log of when and what items was disabled it may make it easier to enable things so you can be back to business without extra struggle. 
Namely advertisements which may have expired or ads that may be turned off for other reasons you have know way of knowing which ads were disabled during this bulk operation. 
 
 

Happy Hump Day! Sort of… 
I have a bit of news to share with you: this will be my last Hump Day as I am stepping down from Invision Community. 😢 
I am transitioning to a new role at Amazon. I’ll be creating content and engagement solutions for AWS. 
I’d like to take a moment to thank this community for welcoming me with open arms. When I first started my journey as an Invision Community team member, I focused on community advocacy and connecting clients with the team. We quickly realized my, um... exuberance was better suited in marketing and sales. 
Creating content around Invision Community opened my eyes even further to how brilliantly crafted this platform is and the team behind it.
I've also genuinely enjoyed communicating with industry professionals every day who showed interest in adding a community component to their business.
So many incredible Achievements (😏) happened along the way; I’m grateful I was a part of Invision Community’s success as we blazed through the 20-year anniversary. 🎉 
Now, you won’t be rid of me entirely. My own community, BreatheHeavy, will still remain on the Invision Community platform. I look forward to staying connected with all of you here!
Thank you for engaging and interacting with me these last few years. 
Please feel free to PM me here if you have any feedback, questions or well wishes. 😃 
I want to give a special thanks to @Charles for being my mentor and seeing potential in me (even when I didn't). 
And before I go, here’s a list of updates and changes made to the platform in the last seven days:
 

Thank you, 🙏 
-Jordan
 

Hey it would be kind of cool to customize the gift cards with photos from Pixelbay

Never seen update take this long I am stuck at step 4 extracting, been like that for several minutes. Should I refresh the page?
resolved - refresh worked. 

I am on Safari (M1 Monterey) and (Intel, Ventura)
I have disabled all safari's extensions. (1Password ) I have disabled any auto fill's. I am not using MacOS / iCloud Passwords  I can click SIGN OUT all day long it shows me as logged out. however I click "Log in > Sign in With Email" and NEVER prompted for credentials.  I have cleared browser cache several times. I have restarted browser several times.  when ever this came in to play I haven't seen a Email / Password field.

Two weeks ago I was out of state and remote back to my office to work on things and seen the same behavior 2000 miles away. Between my iMac at Home and my Laptop in the hotel. 
 

I don’t know. What would it solve exactly? Every password manager is already easy to use and it works on every website. Adding dedicated implementations for specific password managers only sounds beneficial to the provider of that one password manager. 
The concept of password-less logins is around the corner and I think that is more promising. 
https://www.apple.com/newsroom/2022/05/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard/
 

The only thing exposed with that is IPS version 4.  That is more than 7 years of releases.  In fact well more than 100 releases during that time frame.  There is not a lot of information exposed even if there was someone motivated enough to look. 

A real attacker would be able to tell a site is using IPB simply by viewing the source and looking at the structure of the code to figure out a site is using IPB. The purpose of removing a SPECIFIC version number such as 4.6.1 is to prevent exploit of something that might uniquely exist in that version. This does not expose that.