Thread: [Openpacket-devel] Please kick the tires again
From: Richard B. <tao...@gm...> - 2008-02-26 02:33:23
Hello everyone,

Sharri has been working again on OpenPacket.org, and JJ moved the system to a production box reachable at www.openpacket.org.

Would those of you with some time please take another look at the site?

Thank you,

Richard
From: James P. <jp...@gm...> - 2008-02-26 02:48:09
One thing that I might suggest is to put this on https rather than http so you don't have to worry about any clients behind ips getting messed with :)

Another thing that I noticed was that profile pages can be edited to include javascript, and can be used to xss someone:
http://www.openpacket.org/profile/public_profile?userid=jpleger

Errors out with 500 if the user doesn't exist when trying to reset password:
http://www.openpacket.org/profile/forgot_password

On Mon, Feb 25, 2008 at 7:33 PM, Richard Bejtlich <tao...@gm...> wrote:
> Hello everyone,
>
> Sharri has been working again on OpenPacket.org, and JJ moved the
> system to a production box reachable at www.openpacket.org.
>
> Would those of you with some time please take another look at the site?
>
> Thank you,
>
> Richard
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openpacket-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-devel
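The two server-side findings in James's message (profile text rendered as live HTML, and a reset form that crashes on an unknown username) have the same shape of fix: never let untrusted input decide what the response looks like. The Python below is an added illustration written for this archive, not code from OpenPacket.org; the bio string, the account table and the `outbox` list are constructed stand-ins for the site's real templates and mailer.

```python
import html
import re

# --- 1. Profile page: user-supplied text is escaped before it reaches HTML ---

# Constructed sample input; not a real OpenPacket.org profile.
SAMPLE_BIO = 'Packet nerd <script>alert(document.cookie)</script> & sniffer fan'


def render_bio_unsafe(bio):
    """The behaviour James reports: raw interpolation lets profile text run as script."""
    return '<div class="bio">' + bio + '</div>'


def render_bio_safe(bio):
    """Escape &, <, >, ' and " so the browser displays the text instead of parsing it."""
    return '<div class="bio">' + html.escape(bio, quote=True) + '</div>'


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def has_live_script(rendered):
    """Cheap regression check for a test suite: does a <script> tag survive rendering?"""
    return SCRIPT_TAG.search(rendered) is not None


# --- 2. Forgot-password: identical status and body for known and unknown users ---

# Constructed account table (username -> address).
ACCOUNTS = {"alice": "alice@example.invalid"}
RESET_MESSAGE = "If that account exists, a password reset link has been emailed to it."


def forgot_password(username, accounts=ACCOUNTS, outbox=None):
    """Return (http_status, body).

    The lookup miss is handled rather than raised, so there is no 500, and the
    response is the same either way, so the form does not confirm which
    usernames exist. `outbox` is a hypothetical stand-in for the mailer.
    """
    if outbox is None:
        outbox = []
    address = accounts.get(username)
    if address is not None:
        outbox.append(("password-reset", address))
    return 200, RESET_MESSAGE


if __name__ == "__main__":
    print(render_bio_unsafe(SAMPLE_BIO))
    print(render_bio_safe(SAMPLE_BIO))
    sent = []
    print(forgot_password("alice", outbox=sent), forgot_password("nobody", outbox=sent), sent)
```

The escaping belongs in the template layer so that every profile field gets it by default; the `has_live_script` check is only a guard rail for the test suite, not a substitute for escaping. For the reset form, the lookup result still drives whether a mail is sent, but nothing in the status code or body depends on it.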
From: Richard B. <tao...@gm...> - 2008-02-26 02:49:28
On Mon, Feb 25, 2008 at 9:48 PM, James Pleger <jp...@gm...> wrote:
> One thing that I might suggest is to put this on https rather than http so
> you don't have to worry about any clients behind ips getting messed with :)
>
> Another thing that I noticed was that profile pages can be edited to include
> javascript, and can be used to xss someone:
> http://www.openpacket.org/profile/public_profile?userid=jpleger
>
> Errors out with 500 if the user doesn't exist when trying to reset password:
> http://www.openpacket.org/profile/forgot_password
>

Thanks James. JJ just mentioned we need to buy an SSL cert. That could be our first donation.

Richard
From: Richard B. <tao...@gm...> - 2008-02-26 02:59:14
On Mon, Feb 25, 2008 at 9:53 PM, James Pleger <jp...@gm...> wrote:
> Might be worth mentioning:
>
> Godaddy provides free SSL certs to certain open source projects. I am not
> sure what the requirements are, but it might be worth looking into to save a
> few dollars :P
>
> https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?se=%2B
>

James,

Great idea! I just applied for one.

Thank you,

Richard
From: David J. B. <da...@vo...> - 2008-02-26 03:45:36
If you don't get that, maybe try StartSSL (www.startssl.com). Free web certs for pretty much anyone. Some of the browsers might not have the CA cert already loaded, but if you can deal with that, you can't beat the price.

David

Richard Bejtlich wrote:
> On Mon, Feb 25, 2008 at 9:53 PM, James Pleger <jp...@gm...> wrote:
>> Might be worth mentioning:
>>
>> Godaddy provides free SSL certs to certain open source projects. I am not
>> sure what the requirements are, but it might be worth looking into to save a
>> few dollars :P
>>
>> https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?se=%2B
>>
>
> James,
>
> Great idea! I just applied for one.
>
> Thank you,
>
> Richard
From: John C. <joh...@me...> - 2008-02-26 03:19:17
I really like the added features. Great work!
I noticed you only get one chance to click to vote. Can you recast your vote?

Thank you,

-John

Richard Bejtlich wrote:
> Hello everyone,
>
> Sharri has been working again on OpenPacket.org, and JJ moved the
> system to a production box reachable at www.openpacket.org.
>
> Would those of you with some time please take another look at the site?
>
> Thank you,
>
> Richard
From: Keith K. <kun...@gm...> - 2008-02-26 12:51:59
looks good, but I still see the double directory link problem if you go to
http://www.openpacket.org/pages/about
the about link on that page is
http://www.openpacket.org/pages/pages/about
not a big deal, but still causes an error.

I was able to register this time :-D.

-k

On Mon, Feb 25, 2008 at 10:19 PM, John Curry <joh...@me...> wrote:
> I really like the added features. Great work!
> I noticed you only get one chance to click to vote. Can you recast your
> vote?
>
> Thank you,
>
> -John
>
>
> Richard Bejtlich wrote:
> > Hello everyone,
> >
> > Sharri has been working again on OpenPacket.org, and JJ moved the
> > system to a production box reachable at www.openpacket.org.
> >
> > Would those of you with some time please take another look at the site?
> >
> > Thank you,
> >
> > Richard
From: Jeremy S. <st...@pa...> - 2008-02-26 15:02:52
The site looks great! I like the AJAX voting utility, very slick. A couple issues I noticed:

- Registration works okay, but at the end when the user is required to provide a password, both fields are prepopulated with the string "size20" (masked by asterisks, of course). Not sure if this was meant to be a dynamically generated unique password, but it's never displayed to the user in the clear.
- The E-mail bbcode tag doesn't shield against address harvesters. Recommend character substitution to disguise the format.
- Consider adding explicit guidance for separating keywords when uploading a capture (are we supposed to use spaces or commas?)
- Captures are accessible before being cleared by a moderator (link is on the uploader's profile page under "My Uploads")

stretch

Richard Bejtlich wrote:
> Hello everyone,
>
> Sharri has been working again on OpenPacket.org, and JJ moved the
> system to a production box reachable at www.openpacket.org.
>
> Would those of you with some time please take another look at the site?
>
> Thank you,
>
> Richard
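Two of Jeremy's items are worth seeing in code: the E-mail bbcode tag that leaves addresses in harvestable form, and captures that are reachable before a moderator has cleared them. The Python below is an added example for this archive, not OpenPacket.org's own code. It reads "character substitution" as encoding every character of the address as an HTML numeric entity (one reasonable interpretation, assumed here), and the `Capture`/`User` classes, the `[email]` tag syntax and the sample post are constructed for the illustration.

```python
import html
import re
from dataclasses import dataclass

# --- 1. [email] bbcode: escape the post, then entity-encode the address ---

EMAIL_TAG = re.compile(r"\[email\](.+?)\[/email\]", re.IGNORECASE | re.DOTALL)

# The kind of pattern a naive address harvester scrapes pages with.
HARVESTER = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def obfuscate_address(address):
    """Replace every character with its decimal HTML entity. The browser still
    renders 'a@b.org', but the page source contains no literal '@' for a
    regex harvester to find."""
    return "".join("&#%d;" % ord(ch) for ch in address)


def render_bbcode(text):
    """Escape the non-tag segments so other markup cannot inject HTML, and expand
    each [email] tag into a mailto link whose href and visible text are encoded."""
    out, pos = [], 0
    for match in EMAIL_TAG.finditer(text):
        out.append(html.escape(text[pos:match.start()], quote=True))
        encoded = obfuscate_address(match.group(1))
        out.append('<a href="%s%s">%s</a>' % (obfuscate_address("mailto:"), encoded, encoded))
        pos = match.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


def harvestable_addresses(page_source):
    """What a harvester would get from the page source as served."""
    return HARVESTER.findall(page_source)


# --- 2. Moderation gate enforced at the capture itself, not only in link lists ---

@dataclass
class Capture:          # constructed model of an uploaded capture
    id: int
    owner: str
    approved: bool


@dataclass
class User:             # constructed model of a logged-in user (None = anonymous)
    name: str
    moderator: bool = False


def can_view_capture(capture, user):
    """Unapproved captures are visible only to the uploader and to moderators.
    Because the rule lives on the capture, it holds no matter which page
    (e.g. "My Uploads") happens to link to it."""
    if capture.approved:
        return True
    if user is None:
        return False
    return user.moderator or user.name == capture.owner


# Constructed sample post; the address is a reserved example domain.
SAMPLE_POST = "Contact me at [email]stretch@example.invalid[/email] <b>soon</b>"

if __name__ == "__main__":
    page = render_bbcode(SAMPLE_POST)
    print(page)
    print("harvested from raw:", harvestable_addresses(SAMPLE_POST))
    print("harvested from rendered:", harvestable_addresses(page))
    print("as the browser shows it:", html.unescape(page))
```

Entity encoding only raises the bar for regex-driven scrapers; a harvester that decodes entities will still recover the address, so a site that wants stronger protection would avoid publishing addresses at all. The access check is intentionally separate from the template code that decides whether to show a link, so hiding or showing the link cannot change who may fetch the capture.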