Topic: Request for help - potential website security issue
Carol Haynes
« on: May 21, 2012, 04:56:35 PM »

I have set up a website for my local running club. A member has informed me that the private members' forum can be accessed just by browsing the website without entering a username and password and is therefore not private.

The website is www.swaledaleroadrunners.co.uk and I can't find any way to read forum messages without logging in.

Unfortunately the member is being unhelpful and refusing to tell me how they can achieve this.

Personally I suspect that it is them either being difficult or else just that they never log out so when they visit the site the stored cookie allows them to access the website again but the challenge is can anyone here read the forum without logging in and if so how?

Cheers

Carol

Stephen66515
« Reply #1 on: May 21, 2012, 05:04:40 PM »



That's what I see on the forum page.

No trees were harmed during the creation of this message.  Millions of electrons, however, were terribly inconvenienced

"Think left and think right and think low and think high. Oh, the things you can think up if only you try!" - Dr. Seuss


Stephen66515
« Reply #2 on: May 21, 2012, 05:06:06 PM »

Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P


Carol Haynes
« Reply #3 on: May 21, 2012, 05:06:38 PM »

Precisely - BUT this difficult member is saying that simply by browsing the website she can read the forum without logging in - I can't see how this is possible. As far as I can tell no articles on the website link directly to forum articles and even if they did they should lead to a login page before being able to read the posting.

> Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P

Maybe that should be 'may be reproduced'! Anyway I give you permission ;-)

By the way if anyone does find a security hole please let me know by PM - not on the open forum here.

Stephen66515
« Reply #4 on: May 21, 2012, 05:09:43 PM »

> Precisely - BUT this difficult member is saying that simply by browsing the website she can read the forum without logging in - I can't see how this is possible. As far as I can tell no articles on the website link directly to forum articles and even if they did they should lead to a login page before being able to read the posting.
>
>> Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P
>
> Maybe that should be 'may be reproduced'! Anyway I give you permission ;-)
>
> By the way if anyone does find a security hole please let me know by PM - not on the open forum here.

The member is probably just being stupid and not realized they are actually logged in lol


rgdot
« Reply #5 on: May 21, 2012, 05:21:04 PM »

See the same as Stephen.

Only thing I can think of is masking or identifying as googlebot, but I don't believe many users know how and it won't work in many cases anyway.
wraith808
« Reply #6 on: May 21, 2012, 05:46:32 PM »

Try

http://webcache.googleusercontent.com/search?sourceid=chrome&ie=UTF-8&q=cache%3Awww.swaledaleroadrunners.co.uk%2Fforum

with the actual link to a page in place of the www.swaledaleroadrunners.co.uk%2Fforum.

I doubt that it will work, but it sometimes does.

Carol Haynes
« Reply #7 on: May 21, 2012, 06:02:05 PM »

Yes I wondered about caching but the forum pages aren't in the site map and are set not to index by google etc. As far as I can tell they are not cached (looking at the google webadmin index) and certainly if I look for a cached copy of a specific forum thread it comes up as not indexed by google.

I don't think the member would be able to craft that sort of URL anyway - they said it was just from browsing on the website.
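Added example, not part of any post in this thread: a site owner's audit of the three ideas raised so far (access without a session cookie, a crawler User-Agent, and search-engine caching), run over captured responses to requests sent with no cookie. The `Response` record, the login-redirect markers, the placeholder host and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Response:  # one captured response to a request sent with NO session cookie
    url: str
    user_agent: str
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

# Assumption: substrings that identify this forum's login page in a redirect.
LOGIN_MARKERS = ("action=login", "/login")

def is_gated(r):
    """The anonymous request was refused or redirected to the login page."""
    if r.status in (401, 403):
        return True
    target = r.headers.get("Location", "").lower()
    return r.status in (301, 302, 303, 307) and any(m in target for m in LOGIN_MARKERS)

def is_noindex(r):
    """The response asks search engines not to index it (header or meta tag)."""
    header = r.headers.get("X-Robots-Tag", "").lower()
    body = r.body.lower()
    return "noindex" in header or ('name="robots"' in body and "noindex" in body)

def audit(responses):
    """Return (url, user_agent, problems) for every page served without login."""
    findings = []
    for r in responses:
        if is_gated(r) or r.status != 200:
            continue
        problems = ["served without login"]
        if "googlebot" in r.user_agent.lower():
            problems.append("crawler User-Agent received content")
        if not is_noindex(r):
            problems.append("may be indexed or cached")
        findings.append((r.url, r.user_agent, problems))
    return findings

# Constructed sample data (placeholder host, not taken from the thread).
SAMPLE = [
    Response("https://forum.example.org/index.php?topic=1", "Mozilla/5.0", 302,
             {"Location": "/index.php?action=login"}),
    Response("https://forum.example.org/index.php?topic=1", "Googlebot/2.1", 200,
             {}, "<html>private thread</html>"),
    Response("https://forum.example.org/index.php?topic=2", "Mozilla/5.0", 200,
             {"X-Robots-Tag": "noindex"}, "<html>private thread</html>"),
]
```

An empty result from `audit()` means every cookie-less request was refused or sent to the login page; a `noindex` directive on its own keeps a page out of search results but does not stop it being served.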

x16wda
« Reply #8 on: May 21, 2012, 06:17:34 PM »

Well, if you can disable your user's site account, then that shouldn't interrupt access from what the user said, right?

vi vi vi - editor of the beast
Carol Haynes
« Reply #9 on: May 21, 2012, 06:49:03 PM »

> Well, if you can disable your user's site account, then that shouldn't interrupt access from what the user said, right?

That was precisely my thought - unfortunately I only set up the site, I am not a club member myself so I can't really make that decision.

hamradio
« Reply #10 on: May 21, 2012, 09:01:11 PM »

I can't find a way in my brief tests either; however, I did notice the "website designed by" link doesn't lead to Dales Computer Service...don't know if that is by design or if you forgot to change it.

Carroll - HamRadioUSA
Carol Haynes
« Reply #11 on: May 22, 2012, 03:54:14 AM »

Thanks hamradio - someone must have edited the link though I can't think why! (They largely manage their own content)