
BeanBagKing
Ch3mic4l Warfare The Ascendent Dominion
|
Posted - 2010.03.28 19:32:00 -
[31]
Originally by: Dr BattleSmith
HTML has changed?
No, they just release new versions for the hell of it, someone out there enjoys changing version numbers. 
http://www.w3.org/TR/html401/appendix/changes.html
Tags deprecated? maybe not, tbfh I'm not going to bother reading your script to find out, your ignorant statements are enough for me.
Originally by: http://en.wikipedia.org/wiki/HTML#HTML_version_timeline November 24, 1995 HTML 2.0
You're 15 years behind, I simply can't find an excuse for this, using a WYSIWYG editor probably would have been better.
|

Dragonaire
Caldari Corax. New Eden Retail Federation
|
Posted - 2010.03.28 20:21:00 -
[32]
Dr BattleSmith you make a comment Quote: Wish I could have you debug my proper projects.
a few thoughts come to mind for me when I read that.
- If you think so little of yourself as a professional to post something that bad you aren't much of a professional anyway and your 'proper projects' as you call them probably show it
- He doesn't think we are worthy of his best because he's not getting paid for it and that when we do our best we're wasting our time
- They won't know the difference just like my ignorant boss and our customers I don't do my best for them because they don't pay me what I think I'm worth why should I do any better for a bunch of stupid people that spend all day playing games
You'll notice in all of those you come across as being arrogant, ignorant, or both. Needless to say all of the developers that normally are on these forums have found those attitudes very offensive and almost every major developer that is regularly on this forum has posted something to that effect on this thread because of similar comments that seem to have those attitudes. What's been interesting to me is even developers that often take different sides on things here have come together in saying the same thing. But even with that you continue with the attitude that it doesn't matter and you don't care about what we think or about anyone that might decide to use what you made.
Anyway that's my 0.02 ISK on it and I suggest that all the other developers follow my lead in not wasting any more time with this thread when it could be better used making something worthy of the great Eve community we try to do our best for every day with our projects.
-- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.28 23:34:00 -
[33]
Originally by: Johnathan Roark
I didn't say it would. Most browsers are actually rather good at rendering bad HTML. One thing it will do though is slow it down because it has to figure out how it should parse it.
Bad HTML? Nothing wrong with the HTML I'm sorry.
Slow down? There is nothing complex at all and any browser will render that page at the same speed with or without doctype.
Originally by: Johnathan Roark
My point is the way you did it with a single string being used as a placeholder for all your generated HTML that it becomes hard to read.
Hard? Wow....
Originally by: Johnathan Roark
You should have doctypes defined.
I don't, get over it, they aren't needed here.
Originally by: Johnathan Roark
Your project's point was to attack an ALPHA version of EVEGATE. Rather than politely pointing out improvements that could be made, you made something claiming it would work better than CCP's attempt.
um no not at all. This is a private addressbook with very few features, it doesn't function better than CCP's or anything of the sort.
Its sole purpose is to be private and separate from the eve database which was made public by CCP.
Originally by: BeanBagKing
Originally by: Dr BattleSmith
HTML has changed?
No, they just release new versions for the hell of it, someone out there enjoys changing version numbers. 
http://www.w3.org/TR/html401/appendix/changes.html
So HTML, BODY, SCRIPT, STRONG, DL/DT/DD, and INPUT tags display differently in HTML today?
Originally by: BeanBagKing
You're 15 years behind, I simply can't find an excuse for this, using a WYSIWYG editor probably would have been better.
LOL!!! Amazing that ppl think HTML is a complex language that goes through major changes. It hasn't really changed at all in 15 years, just had new things added, new things that aren't used in this template.
These attempts to attack me based on a HTML template with zero problems, due to some misplaced defence of CCP, is really, amazingly, pathetic.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.28 23:54:00 -
[34]
LOL So I decided to see just how stupid this HTML argument is.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
2 Errors from validator.
1) LANGUAGE attribute of script tag. I'll include this regardless of strict standard as it stops exploits on systems with non-standard default scripting language.
2) INPUT tag wants to be inside a block even when it's a hidden element.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Passed, No changes.
So let's see...... My 15 year out of date HTML is valid HTML 4.01 Transitional with ZERO modifications.
So much for the last page of bull**** from you guys.
|

Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 00:14:00 -
[35]
So it wasn't 100% valid HTML after all, despite your previous claim. Also you claimed it was supposed to be HTML 2.0. You know what? HTML 2.0 does not support tables! And yet your generated code uses them. (I actually looked it up in spec, for the lulz.) So your talk about how HTML is all the same is even more hilarious.
This thread is comedy gold. It's like showcase of human ignorance. Thanks for entertainment, pal.
Joomla! in EVE - IGB compatible CMS. |

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.29 00:24:00 -
[36]
Originally by: Lumy Also you claimed it was supposed to be HTML 2.0. You know what? HTML 2.0 does not support tables!
ugh actually I claimed it was as basic as HTML 2 and that this mattered not at all.
So the IGB is going to have problems with this very basic HTML? It's going to render slow?
Fat chance.
The original statement was someone saying the HTML was invalid and written by a WYSIWYG.
Completely false and ridiculous.
Originally by: Lumy This thread is comedy gold. It's like showcase of human ignorance. Thanks for entertainment, pal.
Yeah I've got a good laugh outta the witchhunt.
Amazing just how pathetic some people can be.
Choosing the most basic part of the script, the part that doesn't matter at all, and making it into a big fuss.... Simply moronic.
|

Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2010.03.29 01:19:00 -
[37]
Originally by: Dr BattleSmith
Originally by: Johnathan Roark
I didn't say it would. Most browsers are actually rather good at rendering bad HTML. One thing it will do though is slow it down because it has to figure out how it should parse it.
Bad HTML? Nothing wrong with the HTML I'm sorry.
Slow down? There is nothing complex at all and any browser will render that page at the same speed with or without doctype.
Without the doctype, the browser has to determine what it is, which is time that could be spent doing something else.
Originally by: Dr BattleSmith
Originally by: Johnathan Roark
My point is the way you did it with a single string being used as a placeholder for all your generated HTML that it becomes hard to read.
Hard? Wow....
Say I want to change how something looks in this app: I have to change template.html, in index.php, I would have to look at line 63, 64, 68, 74, 81, 86, 88, and/or 183. That's a lot of places to look to change some simple HTML. Also, all of your HTML could not pass validation even with doctypes as <FONT></FONT> has been deprecated. I haven't bothered running the app to see what else won't pass.
Originally by: Dr BattleSmith
Originally by: Johnathan Roark
Your project's point was to attack an ALPHA version of EVEGATE. Rather than politely pointing out improvements that could be made, you made something claiming it would work better than CCP's attempt.
um no not at all. This is a private addressbook with very few features, it doesn't function better than CCP's or anything of the sort.
Its sole purpose is to be private and separate from the eve database which was made public by CCP.
I know I have a setting to disallow others to see my contacts. The EVEGATE Proof comment in the title of this thread makes me think this was intended to be a jest at evegate.
Originally by: Dr BattleSmith
Originally by: BeanBagKing
Originally by: Dr BattleSmith
HTML has changed?
No, they just release new versions for the hell of it, someone out there enjoys changing version numbers. 
http://www.w3.org/TR/html401/appendix/changes.html
So HTML, BODY, SCRIPT, STRONG, DL/DT/DD, and INPUT tags display differently in HTML today?
Originally by: BeanBagKing
You're 15 years behind, I simply can't find an excuse for this, using a WYSIWYG editor probably would have been better.
LOL!!! Amazing that ppl think HTML is a complex language that goes through major changes. It hasn't really changed at all in 15 years, just had new things added, new things that aren't used in this template.
These attempts to attack me based on a HTML template with zero problems, due to some misplaced defence of CCP, is really, amazingly, pathetic.
They also remove things from it such as the font tag.
POS-Tracker 3.0 Hosting |

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.29 02:28:00 -
[38]
Originally by: Johnathan Roark
They also remove things from it such as the font tag.
Why would I define a whole style sheet just to turn error text red?
http://www.w3.org/TR/REC-html40/present/graphics.html#edef-FONT
Deprecated but still 100% valid HTML and understood by all user-agents including IGB.
Really this "your HTML is invalid" argument was weak as **** when it first got stated, only gets weaker since I've shown it validates as HTML4.0
Is this really the best you can come up with?
|

Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 08:18:00 -
[39]
Originally by: Dr BattleSmith Guess you missed the part where it passed the W3C validator with zero changes.
I didn't miss the part where you had to add doctype to make it pass.
Quote: A valid HTML document declares what version of HTML is used in the document. The document type declaration names the document type definition (DTD) in use for the document (see [ISO8879]).
Source: http://www.w3.org/TR/REC-html40/struct/global.html#h-7.2
Also I didn't miss the part where w3c validator (do you use some other one?) detects an error
Quote: Line 5, Column 30: required attribute "TYPE" not specified
Let me remind you this is validated as HTML 4.01 Transitional. Did you miss that one, or have you left it out on purpose?
Nitpick: I actually left out all PHP warnings before <html> tag.
Originally by: Dr BattleSmith ugh actually I claimed it was as basic as HTML 2 and that this mattered not at all.
Originally by: Dr BattleSmith Semantically correct? It's HTML 2.0, I doubt you could find any errors in code that simple :-D
Do you always contradict yourself? Also I could find errors in code that simple.
Originally by: Dr BattleSmith The original statement was someone saying the HTML was invalid and written by a WYSIWYG. Completely false and ridiculious.
It was invalid at the time. And, let me quote original:
Originally by: Captain Greeneyes It looks like the HTML was made from a WYSIWYG editor. x_x
Saying something "looks like" and "is" are two quite different statements. But hey, really nice straw man.
Originally by: Dr BattleSmith Yeah I've got a good laugh outta the witchhunt.
Amazing just how pathetic some people can be.
Choosing the most basic part of the script, the part that doesn't matter at all, and making it into a big fuss.... Simply moronic.
"witchhunt" 
Security does not matter, validity does not matter, errors do not matter, others' opinions do not matter, users are supposed to be idiots. Great way to start a project. :thumbsup:
Anyway, I promise I'll stop this "witchhunt" , if you manage to post at least one reasonable response without contradicting yourself or insulting someone. Or admitting mistake, but that would probably cause universe to implode.
Joomla! in EVE - IGB compatible CMS. |

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.29 09:11:00 -
[40]
Edited by: Dr BattleSmith on 29/03/2010 09:13:17
Originally by: Lumy
I didn't miss the part where you had to add doctype to make it pass.
Are you serious? I had to add the doctype to use the validator, to show idiots there was zero problem with the HTML.
Originally by: Lumy
Also I didn't miss the part where w3c validator (do you use some other one?) detects an error
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.pax-group.com%2Ftemp%2Fvalid_for_idiot.html&charset=%28detect automatically%29&doctype=Inline&group=0
Quote: This document was successfully checked as HTML 4.01 Transitional!
You mean that? Error?
edit: ahhh yes in the SVN it's different to the one I'm using.... No biggy... Still renders fine and always has, commit a change if you like :-P
Originally by: Lumy
Originally by: Dr BattleSmith Semantically correct? It's HTML 2.0, I doubt you could find any errors in code that simple :-D
Do you always contradict yourself? Also I could find errors in code that simple.
Oh sorry, taken literally it says "This is validated HTML 2.0"..... Taken as intended it says "You're an idiot it's just HTML".
Originally by: Lumy
Security does not matter
No it doesn't this is a private script for private use on private URL not exposed to the public. There are no code execution errors only things that allow data entry. Users do not generally hack themselves to access their own data.
Originally by: Lumy
validity does not matter
Of course it doesn't. All that matters is that the page renders in IGB.
Originally by: Lumy
errors do not matter
I've patched any you've pointed out.
Originally by: Lumy
others' opinions do not matter
Not when they are fools who are only commenting to "defend" CCP like they've been personally insulted by the very prospect of this script existing.
Originally by: Lumy
users are supposed to be idiots
Users are happy, idiots who are only here to troll aren't.... Big surprise there.
Originally by: Lumy
Great way to start a project.
It's not a project.... It's a simple lil script that ppl may use if they want to.
|

Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.29 09:42:00 -
[41]
Edited by: Lumy on 29/03/2010 09:47:06
Dr BattleSmith: The HTML is 100% valid idiot.
Lumy and others: No, it isn't. Here are the errors.
Dr BattleSmith fixes errors.
Dr BattleSmith: The HTML is 100% valid, here's the link.
I wonder what's wrong with that.
Originally by: Dr BattleSmith I've patched any you've pointed out.
Not on the SVN.
Originally by: Dr BattleSmith Not when they are fools who are only commenting to "defend" CCP like they've been personally insulted by the very prospect of this script existing.
I haven't noticed I've been defending CCP. Just rebutting your arguments. But I must admit, on some level I'm personally insulted. This is the kind of sloppy work that gives PHP developers a bad name.
Originally by: Dr BattleSmith Users are happy, idiots who are only here to troll aren't.... Big surprise there.
[troll]What users? Do you mean "you"?[/troll]
Ok, disregard the last comment. That was me really trolling. 
Edit: I've made basic mistake of not being specific enough. You would probably interpret "last comment" as whole post. Hence the [troll] markup.
Joomla! in EVE - IGB compatible CMS. |

burning raven
omen.
|
Posted - 2010.03.29 12:31:00 -
[42]
Originally by: Lumy This is the kind of sloppy work that gives PHP developers a bad name.
Silly PHP developers!!! *tut*
|

Catari Taga
Centre Of Attention Rough Necks
|
Posted - 2010.03.29 14:10:00 -
[43]
This thread fascinates me. I can't remember anybody ever being trolled so hard for taking the time to post a free snippet of code. But since both sides seem to enjoy splitting hairs please go on, it's kinda amusing.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.29 14:58:00 -
[44]
lol simply pathetic
I've said from the start the HTML doesn't matter at all.
Work on the semantics of what I've said, pull it apart all you like. However that doesn't change the simple fact, that you're focused on what must be the most ridiculous and moronic point ever made.
|

Kleve Klaw
Caldari
|
Posted - 2010.03.29 15:34:00 -
[45]
So let me get this straight, the OP posts a free tool to use, made using his own time and all you lot can do is pull it apart? Sorry but if you can do better then please do it and let those that wish to use it do so. This is the whole reason why most people write apps for use but don't post them.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.29 23:51:00 -
[46]
I've removed the doctype that was added just to show these morons that the HTML is fine.
File is back to being as simple as it needed to be.
They can add a doctype if they feel it means the world will explode.
|

Dragonaire
Caldari Corax. New Eden Retail Federation
|
Posted - 2010.03.30 16:58:00 -
[47]
I know I said I wasn't going to post again on this thread but I thought it was important that I apologize for myself and the other developers. We failed to understand that Eve players don't expect us to do our very best for them on our own projects and hold each other and anyone that claims to be making something that's better than what CCP does to the same high standard. I'm sure if we'd all known before you felt that way we'd have not bothered saying anything. We'd also have been doing the same things on our own projects as Dr BattleSmith has when someone lets us know something isn't working correctly or could be improved. We'd start by making sure to make fun of you and say it doesn't matter just like Dr BattleSmith has done. I'm sure this will make all our projects much easier and we can spend a lot less of our time answering you or working on our project and spend more time just playing Eve instead. You'll apparently prefer it that way from what Catari Taga and Kleve Klaw are suggesting.
So once again I apologize for myself and all the other developers that have been making the applications and other software like EveMon, POS Tracker, etc that you all use daily. We now know that you really don't expect our best and we can just say it doesn't matter and make fun of you when you complain about problems with anything we work on. I'm sure that will make our lives easier since if you don't care to have software of the best possible quality we can make we don't need to either right?
-- Finds camping stations from the inside much easier. Designer of Yapeal for Eve API.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.30 23:47:00 -
[48]
ROFL!!!
Yeah because Evemon and Pos tracker were written in 10mins and designed to be single user utility scripts :-D
Good one.
You expect a lot from such a simple little addressbook script :-D
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.31 00:07:00 -
[49]
Let's make this simple for you....
Better than CCP?
I have never claimed this was more secure than EveGate. Just that it's separate to the Eve database so you can be sure your contacts are private regardless of what happens on EveGate.
XSS?
It's a single user script on a private URL. Just like Mac has no virus because not enough people use Mac, so this script is hard to target because its URL is not public.
HTML valid?
Do you really believe IGB has any trouble at all parsing this very amazingly basic HTML template?
Javascript Injection?
Why would a user hack themselves?
Groups input not being validated?
What if they want to change the dropdown to a text field?
Plaintext password
That code is only there as a demo for anyone intending to put a very basic password on the front. For myself I comment those lines and just go straight in. There is no username combo and any MITM wouldn't get anything of value.
Show me one issue that matters at all in this context and I'll fix it.
Talk **** just to be cool and I'll show you to be an idiot.
|

Catari Taga
Centre Of Attention Rough Necks
|
Posted - 2010.03.31 00:13:00 -
[50]
Originally by: Dragonaire I know I said I wasn't going to post again on this thread but I thought it was important that I apologize for myself and the other developers. We failed to understand that Eve players don't expect us to do our very best for them on our own projects and hold each other and anyone that claims to be making something that's better than what CCP does to the same high standard. I'm sure if we'd all known before you felt that way we'd have not bothered saying anything. We'd also have been doing the same things on our own projects as Dr BattleSmith has when someone lets us know something isn't working correctly or could be improved. We'd start by making sure to make fun of you and say it doesn't matter just like Dr BattleSmith has done. I'm sure this will make all our projects much easier and we can spend a lot less of our time answering you or working on our project and spend more time just playing Eve instead. You'll apparently prefer it that way from what Catari Taga and Kleve Klaw are suggesting.
So once again I apologize for myself and all the other developers that have been making the applications and other software like EveMon, POS Tracker, etc that you all use daily. We now know that you really don't expect our best and we can just say it doesn't matter and make fun of you when you complain about problems with anything we work on. I'm sure that will make our lives easier since if you don't care to have software of the best possible quality we can make we don't need to either right?
I know you are just trying a weak attempt at sarcasm but to give you a serious answer: Yes, you are correct, the users will always prefer to have the choice between several free tools and deal with possible bugs in them rather than have nothing.
If the first release of EVEMon had been met with the hostility that this script here has to deal with its developers would never have invested the time to develop it further to the "best possible quality" (and EVEMon really did not use to be a good example for best possible quality anyway).
So just get off it, the man made a typo, as if you never made one. The other arguments are just ridiculous. If his tool is not any good, the "market" will sort it out and no one will use it. Or if people will use it and you still think it is not any good, just make a better one.
|

Lumy
Minmatar eXceed Inc. HYDRA RELOADED
|
Posted - 2010.03.31 08:26:00 -
[51]
@Catari Taga
1. If the first release of any other projects (EVEMon, EFT, Yapeal, whatever) started with attack on someone else's work
2. If their work had the same flaws (or even worse) as the work they were attacking
3. If they reacted with insults to any issues pointed out (no matter how petty they thought they were)
4. Called everybody left and right including users idiots
... I guess they would be met with "hostility" and "trolling" too. Unless they showed at least some level of competence.
But that doesn't matter anymore. Dr BattleSmith already showed us what his work is good for, how he is willing to deal with any kind of critique and what he thinks about any of us. I guess it's time to let this thread rot.
Joomla! in EVE - IGB compatible CMS. |

Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2010.03.31 22:20:00 -
[52]
Originally by: Catari Taga
Originally by: Dragonaire I know I said I wasn't going to post again on this thread but I thought it was important that I apologize for myself and the other developers. We failed to understand that Eve players don't expect us to do our very best for them on our own projects and hold each other and anyone that claims to be making something that's better than what CCP does to the same high standard. I'm sure if we'd all known before you felt that way we'd have not bothered saying anything. We'd also have been doing the same things on our own projects as Dr BattleSmith has when someone lets us know something isn't working correctly or could be improved. We'd start by making sure to make fun of you and say it doesn't matter just like Dr BattleSmith has done. I'm sure this will make all our projects much easier and we can spend a lot less of our time answering you or working on our project and spend more time just playing Eve instead. You'll apparently prefer it that way from what Catari Taga and Kleve Klaw are suggesting.
So once again I apologize for myself and all the other developers that have been making the applications and other software like EveMon, POS Tracker, etc that you all use daily. We now know that you really don't expect our best and we can just say it doesn't matter and make fun of you when you complain about problems with anything we work on. I'm sure that will make our lives easier since if you don't care to have software of the best possible quality we can make we don't need to either right?
I know you are just trying a weak attempt at sarcasm but to give you a serious answer: Yes, you are correct, the users will always prefer to have the choice between several free tools and deal with possible bugs in them rather than have nothing.
If the first release of EVEMon had been met with the hostility that this script here has to deal with its developers would never have invested the time to develop it further to the "best possible quality" (and EVEMon really did not use to be a good example for best possible quality anyway).
So just get off it, the man made a typo, as if you never made one. The other arguments are just ridiculous. If his tool is not any good, the "market" will sort it out and no one will use it. Or if people will use it and you still think it is not any good, just make a better one.
EVEmon had a lot of bugs when it was first released but those who made it were not negative to ccp, users, or other 3rd party app devs. They also were proactive about fixing issues. Dr BattleSmith actually undid a fix.
POS-Tracker 3.0 Hosting |

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.31 23:12:00 -
[53]
That wasn't a fix.
It wasn't a bug.
It wasn't an error.
It was a demonstration of how ridiculous the so called "constructive criticism" was.
Show me a bug and I'll patch it as I have for the actual bugs that have been shown here.
The rest is just forum warriors wanting to be cool.
Comparing this with Evemon? geeeeeeez what a stretch that is.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.03.31 23:37:00 -
[54]
Originally by: Lumy Called everybody left and right including users idiots
That was you. I said no such thing.
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.04.01 00:17:00 -
[55]
Originally by: Lumy Called everybody left and right including users idiots
That was you. I said no such thing.
edit: To save you time and avoid the inevitable misquote.
Originally by: Dr BattleSmith
Originally by: Lumy
Originally by: Dr BattleSmith The security issues aren't relevant in this context.
Then why do you even bother with password?
For idiots that think they need one. Notice how it doesn't even have a username?
Had a little chuckle to myself predicting someone would have a go at it for being plain-text. You were the idiot that picked apart it being plain-text, congrats! :-D
To which you replied, putting words in my mouth and reapplying what I've said to all users.
Originally by: Lumy At least now we know who are target users of your scripts, and what do you think of them. Really good to know.
So if anyone has called users idiots it is yourself.
You seem to have a problem with scope. I really can't imagine a script of this scope having all the garbage you've stated it must.
Does it not work? Does it not do what it says on the tin? Is it not secure enough for its task?
Hack me.
If it's so very amazingly bad.... Hack me.
What's that? You don't know where to start?
|
|

CCP Adida

|
Posted - 2010.04.01 14:17:00 -
[56]
Get this back on topic guys. Removed trolling posts and edited out some.
Adida Community Rep CCP Hf, EVE Online
|
|

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.05.27 00:53:00 -
[57]
Edited by: Dr BattleSmith on 27/05/2010 00:54:15
Bump for all those that just had to delete all their contacts or lost all their folders with Trannys.
It's a very basic script, just yell if you think it needs features added.
edit: thinking the groups feature would be better simply as searchable tags.
|

Ilyk Halibut
Blackman Industries Forbidden Domain
|
Posted - 2010.05.27 13:58:00 -
[58]
Appreciate the effort, but a Google Docs Spreadsheet is probably a better solution than this. As pointed out, this application is vulnerable to a number of potential exploits. Security through obscurity is no longer viable with the wide variety of sniffing and interception techniques available today. The XSS vulnerability and flatfile storage with no real protection mechanism worry me personally.
This is not at all a flame, and your work is appreciated, but I'd be irresponsible for not objectively warning other potential users that this application is a security liability. Simple and basic or not, this ship isn't tight.
I offer the following reading material to help clean the XSS issues up: http://en.wikipedia.org/wiki/Cross-site_scripting
|
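The two code-level points argued over in posts [49] and [58], escaping stored values on output and validating the group field on the server, shown as an added PHP example that is not taken from the script under discussion. The JSON-lines file layout, the group list and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not the address book script from this thread.
// The group list, file layout and every function name are hypothetical.
const ALLOWED_GROUPS = ['corp', 'alliance', 'friends', 'hostile'];

// Validate one contact and append it to the flat file.
// Returns false when the input is rejected or the write fails.
function save_contact(string $file, string $name, string $group, string $note): bool
{
    // The form's dropdown does not constrain what the request contains,
    // so the group is checked against the allowlist on the server.
    if (!in_array($group, ALLOWED_GROUPS, true)) {
        return false;
    }
    $name = trim($name);
    if ($name === '' || strlen($name) > 64 || strlen($note) > 500) {
        return false;
    }
    // One JSON object per line: newlines inside a value are encoded, so a
    // value cannot break out of its record.
    $line = json_encode(['name' => $name, 'group' => $group, 'note' => $note]);
    if ($line === false) {
        return false; // value could not be encoded, e.g. invalid UTF-8
    }
    return file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Read the flat file back, skipping lines that are not well-formed records.
function load_contacts(string $file): array
{
    $rows = [];
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        $row = json_decode($line, true);
        if (is_array($row)
            && is_string($row['name'] ?? null)
            && is_string($row['group'] ?? null)
            && is_string($row['note'] ?? null)) {
            $rows[] = $row;
        }
    }
    return $rows;
}

// Before: stored values are concatenated straight into the markup.
function render_unsafe(array $rows): string
{
    $html = "<dl>\n";
    foreach ($rows as $r) {
        $html .= "<dt>{$r['name']} ({$r['group']})</dt><dd>{$r['note']}</dd>\n";
    }
    return $html . "</dl>\n";
}

// After: every stored value is HTML-encoded at the point of output.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $rows): string
{
    $html = "<dl>\n";
    foreach ($rows as $r) {
        $html .= '<dt>' . e($r['name']) . ' (' . e($r['group']) . ')</dt><dd>'
               . e($r['note']) . "</dd>\n";
    }
    return $html . "</dl>\n";
}

// Constructed sample data, run against a temporary file.
$file = tempnam(sys_get_temp_dir(), 'contacts');
$marker = '<script>alert(1)</script>';

// Valid group, with markup-like text inside the free-text note.
var_dump(save_contact($file, 'Example Pilot', 'corp', "met in Jita {$marker}"));
// Group value that is not in the allowlist.
var_dump(save_contact($file, 'Example Pilot', $marker, 'n/a'));

$rows = load_contacts($file);
// Does the raw marker survive into each rendering?
var_dump(str_contains(render_unsafe($rows), $marker));
var_dump(str_contains(render_safe($rows), $marker));
echo render_safe($rows);
unlink($file);
```

The encoding is applied when the page is built rather than when the record is saved, so data already in the file is covered as well. `str_contains` requires PHP 8.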

Dr BattleSmith
PAX Interstellar Services
|
Posted - 2010.05.28 00:33:00 -
[59]
I don't believe there are any XSS issues here.
1) identify target
2) findout their private addressbook url
3) draw them to payload page that targets the addressbook.
Doesn't really make any sense.....
If they had the private addressbook url they'd just go and use it, no need to XSS lol.
It's a true statement and yes there are XSS issues in the code, just they don't matter in this context as there is no security to bypass. Anyone XSS attacking this script is missing the fact they never needed to bother.
I do like the fact there are people around that understand security issues like this, on most projects I'd have everything under tokens and fully secure, but for this code the whole point is security through obscurity, that's the point, that's what the script is.
|

Asperath Fernandez
|
Posted - 2010.05.28 03:06:00 -
[60]
Originally by: Dr BattleSmith Edited by: Dr BattleSmith on 28/05/2010 00:39:16 I don't believe there are any XSS issues here.
Security through obscurity best security
|