• SONAR
  • URGENT - Cakewalk Subscription Management + Forums need upgrading (p.3)
2012/10/15 13:30:52
Mystic38
Beepster


 a ramblin' man. ;-) 
born that way? ..lol

2012/10/15 13:32:18
Beepster
I've had that tune stuck in my head since I typed that. lol
2012/10/15 13:39:12
Splat
In regards to the forums software only...

Just because you may not think this is an issue for yourself, you shouldn't assume it's the same for other people.

You can be sure plenty of people will not want their passwords exposed. There's also a possibility accounts could be hijacked.
I'm not saying this is the actual case with ASPPlayground 3.5, but it very possibly could be. Cross site scripting vulnerabilities are NOT GOOD. And no, your antivirus will do nothing in this instance, the software is running on THEIR server, not your PC (I hope they have a virus scanner on their server though ;).

All Cake needs to do is upgrade from 3.5 to 3.9 plus install service packs and patches etc. They then need to build in a policy of checking the ASPPlayground.Net every month or so to make sure there are no other little surprises.

NB I'm sure it's not a big issue to change the colours if that became a priority for some reason. No they do not need to start from scratch, but if they did I recommend upgrading the whole internet infrastructure to DotNetNuke (and they can give me a call because that is what I do).
2012/10/15 13:46:59
robert_e_bone
This could go on forever

This thread was born in back seat of a Greyhound Bus, rolling down highway 41, 

I think someone could eventually log on to my toaster and hijack my refrigerator, but that won't expose my oven!

Bob Bone
2012/10/15 14:02:30
John
Alex and I are on the same page here. The forum software needs to be upgraded or fixed or whatever it needs. It's not just bad for posting, it's also bad for reading those posts that are unformatted. This post was done in FF16 and the forum offers no features at all. BTW it was formatted when it was written.
2012/10/15 14:04:58
Splat
Wrong analogy

If somebody broke into your home, your oven, toaster and refrigerator are exposed. Cross site scripting can access a database server through a web application (i.e. forums software) which in turn COULD access other data (depending on how it is set up). This is a back door route. Either way they could get people's passwords which could be used elsewhere, and you just don't let that happen because database servers have their own security vulnerabilities anyway, so you make sure they get nowhere near accessing the database's tables.

THAT IS SERIOUS.

Said all I need to say but no doubt I'll be bouncing the thread every now and then until somebody from Cake finally takes notice.
2012/10/15 14:15:03
Splat
Agreed John :). That is a pain in the arse plus it takes forever sometimes for the page to perform a postback upon submission of a post.
2012/10/15 14:20:19
robert_e_bone
If someone can figure out how to come through my toaster into my bank account I will shake their hand in amazement.

Look I have 38 years in IT, I get it - always have.

Your point is valid - a couple of us indicated that.

1)  The control of the forum is not something any of us control.  You have passed on your concerns to Cakewalk
2)  I do not happen to agree with you whatsoever on the likelihood of this particular forum containing anything of any particular value to anyone outside of this forum.
3)  If one or many people posting in a public forum are using the same user names and passwords here that they use to access their sensitive and/or financial data from other sites, then they are pretty much deserving to reap the consequences of that ignorance in this day and age.  That would be essentially like someone having an ultra-secure system with their password written on a post-it note stuck to their monitor, or someone leaving a note taped on the door telling the neighborhood teenager where they left the keys to the house while they are gone on vacation, so they can water the petunias.
4)  Get over it or don't - I'm still tapping my foot while humming Ramblin Man, the forum is what it is, and people are who they are.
5)  I bet you my blender that you can't get through my toaster and into my oven, even if you DO hijack my refrigerator!

Bob Bone
2012/10/15 14:31:17
Splat
:)

Just tell me where the toaster is Bob, you have upgraded the firmware right ;).
2012/10/15 14:35:18
robert_e_bone
I TRICKED you - I don't HAVE a toaster.  Everything went in the divorce.  :)

Bob Bone