FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Avatars and URL control [message #35857] Sat, 17 February 2007 17:07
Marticus   United States
Messages: 272
Registered: June 2002
Karma: 1
Senior Member
Hey! Long time no post. I have a new question regarding the security of a new site I am building. How difficult would it be to add an option to allow URL avatars while prohibiting URLs from outside the domain? I have two subdomains, the forums on one, and an avatar generator on another. The rest is self-explanatory. Thanks!

Marticus
Re: Avatars and URL control [message #35860 is a reply to message #35857] Sat, 17 February 2007 18:23
Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
It leaves too much room for holes IMO; there are no plans to add such functionality into the stock FUDforum.

FUDforum Core Developer
Re: Avatars and URL control [message #35861 is a reply to message #35860] Sat, 17 February 2007 21:02
Marticus   United States
Messages: 272
Registered: June 2002
Karma: 1
Senior Member
Thanks for the reply. If it isn't too much trouble I would like to hear about the holes of which you speak.
Re: Avatars and URL control [message #35868 is a reply to message #35861] Sun, 18 February 2007 16:58
Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
There is a possibility of someone injecting XSS onto a trusted domain, allowing them to then inject JS code via avatars into the forum page, potentially leading to session takeover.

FUDforum Core Developer
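
The restriction asked about in this thread, sketched as an added example; it is not FUDforum code and not part of any post above. It accepts an avatar URL only when it is an https URL on one exact host, and it does nothing about the avatar host itself being compromised, which is the concern raised in the last reply. The host name `avatars.example.com`, the function name `validate_avatar_url` and the path rule are assumptions.

```php
<?php
// Added example, not FUDforum code. The host name and path rule are assumptions.
const AVATAR_HOST = 'avatars.example.com'; // hypothetical avatar-generator subdomain

/** Return a canonical avatar URL if $url points at AVATAR_HOST, otherwise null. */
function validate_avatar_url(string $url): ?string
{
    // Refuse whitespace, control bytes, quotes, angle brackets and backslashes
    // up front, so the value cannot break out of an HTML attribute.
    if ($url === '' || strlen($url) > 255
        || preg_match('/[\x00-\x20\x7f"\'<>\\\\]/', $url)) {
        return null;
    }
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'], $p['path'])) {
        return null;
    }
    if (strtolower($p['scheme']) !== 'https') { // https only
        return null;
    }
    // No userinfo or port (host confusion); no query or fragment (the
    // generator's URLs are assumed not to need them).
    foreach (['user', 'pass', 'port', 'query', 'fragment'] as $part) {
        if (isset($p[$part])) {
            return null;
        }
    }
    // Exact host comparison, never a substring or suffix test.
    if (strtolower($p['host']) !== AVATAR_HOST) {
        return null;
    }
    // The only dot allowed in the path is the one before the extension,
    // so "../" segments cannot appear.
    if (!preg_match('#\A/[A-Za-z0-9_/-]{1,200}\.(?:png|jpe?g|gif)\z#', $p['path'])) {
        return null;
    }
    // Rebuild from validated parts instead of echoing the submitted string.
    return 'https://' . AVATAR_HOST . $p['path'];
}

// Constructed sample inputs: the first is accepted, the rest are refused.
foreach (['https://avatars.example.com/u/42.png',
          'http://avatars.example.com/u/42.png',
          'https://avatars.example.com.other.example.net/u/42.png',
          'https://avatars.example.com@other.example.net/u/42.png',
          'https://avatars.example.com/u/42.png?x=1'] as $candidate) {
    $ok = validate_avatar_url($candidate);
    echo ($ok === null ? 'reject ' : 'accept ') . $candidate . "\n";
}
```

The returned URL still has to be HTML-escaped when it is written into the `src` attribute of the avatar `<img>` tag.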