Forum Insecurity

davar55 · 2010-11-06, 14:31

Attention super moderator. There's a potential security flaw in the forum.

You are aware that whenever one logs off, one is prompted to delete a
random account.

If this were a true opportunity for an attacker to wreak havoc on the forum
by repeatedly logging in and out and eventually deleting all our accounts
randomly, I would fear for the forum.

I'm sure this is not so.

However, imagine a stupid davar55 who tries to bring down the forum by just
such a denial of service attack. Repeatedly logging in and logging out.
One such davar55 is no danger. But suppose there's a team of davar55s (if there
could be such a thing) all trying to delete our accounts by repeated
login/logouts simultaneously. This might actually affect forum accessibility,
mightn't it? That random account message is a davar55 magnet.

Or maybe it's davar55 flypaper?

Uncwilly · 2010-11-06, 14:55

I think that the mods here do a fine job keeping Uncwillys out in the first place.

Prime95 · 2010-11-06, 15:59

I don't think the problem is too severe. In the past 6 years or so, my account has only been deleted twice.

retina · 2010-11-06, 16:04

And of course the prankster that is doing the repeated logging out eventually ends up deleting their own account. So the problem neatly solves itself.

davar55 · 2010-11-12, 18:10

Didn't intend to pursue this but it looks like
someone or something has swallowed a certain
word I overused in the OP and won't reuse here.
I guess the forum is protected by a 'certain word' gobbler.

Speaking of gobbling, Happy early Thanksgiving everyone.

Xyzzy · 2010-11-13, 04:58

The censor function is not enabled for the forum. Perhaps a moderator or super moderator edited your post?

davar55 · 2010-11-13, 14:13

Oh no, that can't be. Why would the super moderator pay unserious
attention to what was only a thinly veiled bit of levity concerning an
arguably totally unimportant solvable problem? I mean, just as no one
could damage the forum just by logging in and out, even in heavy
numbers (and this forum deals with the heaviest numbers), so too no
moderator would actually resort to physically editing a contributed post
when this could be done by, say, an enabled auto-censor function.
Now would they? We weren't aware that the T-word itself was to be
treated as expungeable, or we wouldn't have thrown it around so much.

Happy T-day (I mean Thanksgiving).

Xyzzy · 2010-11-13, 22:48

davar55 · 2010-12-08, 19:52

Quote:

Oh no, that can't be. Why would the super moderator pay unserious
attention to what was only a thinly veiled bit of levity concerning an
arguably totally unimportant solvable problem? I mean, just as no one
could damage the forum just by logging in and out, even in heavy
numbers (and this forum deals with the heaviest numbers), so too no
moderator would actually resort to physically editing a contributed post
when this could be done by, say, an enabled auto-censor function.
Now would they? We weren't aware that the T-word itself was to be
treated as expungeable, or we wouldn't have thrown it around so much.

Happy T-day (I mean Thanksgiving).

Sorry about this extra post, but I don't get that response.

Brian-E · 2010-12-09, 12:39

You're not seriously advocating an auto-censor function, are you?

Or are you?

They can produce ludicrous results for which the athlete Tyson G** was made an inadvertent victim.

OK, that was not the subject of your original posting but it genuinely isn't clear to me how serious you were then either.

xilman · 2010-12-09, 14:48

Quote:

Originally Posted by Brian-E

You're not seriously advocating an auto-censor function, are you?

Or are you?

They can produce ludicrous results for which the athlete Tyson G** was made an inadvertent victim.

OK, that was not the subject of your original posting but it genuinely isn't clear to me how serious you were then either.

The Scunthorpe problem strikes again. I thought that AOL's experiences some 14 years ago had indicated the fallout that can result from careless use of auto-Bowdlerizer software.

Paul

2010-11-06, 14:31	#1
davar55 May 2004 New York City 108A₁₆ Posts	Forum Insecurity Attention super moderator. There's a potential security flaw in the forum. You are aware that whenever one logs off, one is prompted to delete a random account. If this were a true opportunity for an attacker to wreak havoc on the forum by repeatedly logging in and out and eventually deleting all our accounts randomly, I would fear for the forum. I'm sure this is not so. However, imagine a stupid davar55 who tries to bring down the forum by just such a denial of service attack. Repeatedly logging in and logging out. One such davar55 is no danger. But suppose there's a team of davar55s (if there could be such a thing) all trying to delete our accounts by repeated login/logouts simultaneously. This might actually affect forum accessibility, mightn't it? That random account message is a davar55 magnet. Or maybe it's davar55 flypaper?

2010-11-06, 14:55	#2
Uncwilly 6809 > 6502 """"""""""""""""""" Aug 2003 101×103 Posts 9,787 Posts	I think that the mods here do a fine job keeping Uncwillys out in the first place. Last fiddled with by xilman on 2010-12-09 at 14:38 Reason: Bowdlerised

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
New Sub-forum?	R.D. Silverman	Forum Feedback	16	2015-11-07 08:29
Need a new sub-forum	rogue	Forum Feedback	7	2014-09-05 23:57
How did you get your forum name?	ixfd64	Lounge	41	2008-07-31 21:50
LMH Forum	edorajh	Lone Mersenne Hunters	1	2004-01-02 08:30
Forum+Weekends=Dead Forum on Weekends?	E_tron	Lounge	10	2003-09-03 02:43

2010-11-06, 15:59	#3
Prime95 P90 years forever! Aug 2002 Yeehaw, FL 2·53·71 Posts	I don't think the problem is too severe. In the past 6 years or so, my account has only been deleted twice.

2010-11-06, 16:04	#4
retina Undefined "The unspeakable one" Jun 2006 My evil lair 1834₁₆ Posts	And of course the prankster that is doing the repeated logging out eventually ends up deleting their own account. So the problem neatly solves itself.

2010-11-12, 18:10	#5
davar55 May 2004 New York City 108A₁₆ Posts	Didn't intend to pursue this but it looks like someone or something has swallowed a certain word I overused in the OP and won't reuse here. I guess the forum is protected by a 'certain word' gobbler. Speaking of gobbling, Happy early Thanksgiving everyone.

2010-11-13, 04:58	#6
Xyzzy "Mike" Aug 2002 2⁵×257 Posts	The censor function is not enabled for the forum. Perhaps a moderator or super moderator edited your post?

2010-11-13, 14:13	#7
davar55 May 2004 New York City 2·29·73 Posts	Oh no, that can't be. Why would the super moderator pay unserious attention to what was only a thinly veiled bit of levity concerning an arguably totally unimportant solvable problem? I mean, just as no one could damage the forum just by logging in and out, even in heavy numbers (and this forum deals with the heaviest numbers), so too no moderator would actually resort to physically editing a contributed post when this could be done by, say, an enabled auto-censor function. Now would they? We weren't aware that the T-word itself was to be treated as expungeable, or we wouldn't have thrown it around so much. Happy T-day (I mean Thanksgiving).

2010-12-09, 12:39	#10
Brian-E "Brian" Jul 2007 The Netherlands 3269₁₀ Posts	You're not seriously advocating an auto-censor function, are you? Or are you? They can produce ludicrous results for which the athlete Tyson G** was made an inadvertent victim. OK, that was not the subject of your original posting but it genuinely isn't clear to me how serious you were then either.