|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
02-03-2004, 06:53 AM
|
#1 |
|
Confirmed User
Join Date: Sep 2003
Location: President/CEO - iStripper.com
Posts: 1,164
|
Microsoft disable username / password coding in links :(
"The newly announced patch will disable a feature that lets people code a username and password directly into a link so that someone clicking the link can easily access the restricted page to which it points."
http://news.zdnet.co.uk/internet/sec...9145074,00.htm We were using this feature all over our sites. Anyone else afected?
__________________
 WWW.ISTRIPPER.COM Unique Desktop Strippers since 1998, 20+ Millions users, 3000+ Girls to choose from, All UHD Exclusive Content. |
|
|
|
02-03-2004, 06:57 AM
|
#2 |
|
Confirmed User
Join Date: Feb 2003
Posts: 1,164
|
I used it just on my local home page, to log into sponsor sites and such. I figured "no big deal, I'll just use Stats Remote to log in to the sponsor sites," but unfortunately Stats Remote used the same technique.
 |
|
|
|
|
02-03-2004, 07:01 AM
|
#3 |
|
Confirmed User
Join Date: Mar 2001
Location: Florida
Posts: 6,138
|
Not a bad idea...
|
|
|
|
|
02-03-2004, 07:08 AM
|
#4 |
|
Confirmed User
Join Date: Nov 2003
Posts: 4,292
|
thats fucking stupid, why would they do that?
|
|
|
|
|
02-03-2004, 07:09 AM
|
#5 |
|
[----------------------]
Join Date: Aug 2001
Posts: 14,486
|
yeah
i noticed statsremote use the same what will they do? is this a problem at all? |
|
|
|
|
02-03-2004, 07:33 AM
|
#6 | |
|
Confirmed User
Join Date: Jan 2003
Location: midwest side, yo
Posts: 4,728
|
Quote:
__________________
<a href="http://www.iroc409.com/"><img src="http://www.iroc409.com/adv/120x60.gif" border=0></a> icq: 1 7 6 4 2 0 9 6 0 Gallery templates for ONLY $25! w00t! |
|
|
|
|
|
02-03-2004, 07:48 AM
|
#7 | ||
|
Confirmed User
Join Date: May 2002
Location: StatsRemote.com
Posts: 1,804
|
Quote:
Quote:
__________________
|
||
|
|
|
|
02-03-2004, 08:00 AM
|
#8 |
|
Confirmed User
Join Date: Feb 2003
Posts: 1,164
|
The reason was that scammers would send people a URL like:
http://www.visa.com:[email protected]/ and fucking nimrods would see "www.visa.com" and enter their credit card info. I can see why MS wants to cater to nimrods, but I wish they'd allowed non-nimrods to enable user:pw@ as an option. |
|
|
|
|
02-03-2004, 08:10 AM
|
#9 | |
|
Confirmed User
Join Date: May 2002
Location: StatsRemote.com
Posts: 1,804
|
Quote:
http://support.microsoft.com/default...;en-us;Q834489 --- How to disable the new default behavior for handling user information in HTTP or HTTPS URLs To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0: For all users: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME _PASSWORD_DISABLE For the current user only: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME _PASSWORD_DISABLE ---
__________________
|
|
|
|
|
|
02-03-2004, 08:23 AM
|
#10 | |
|
Confirmed User
Join Date: Feb 2003
Posts: 1,164
|
Quote:
|
|
|
|
|
|
02-03-2004, 08:41 AM
|
#11 |
|
The Best Ideas Start Here
Join Date: Dec 2002
Location: Atlanta
Posts: 6,037
|
The funny thing is that I use MicrosoftOffice.com/LiveMeeting to give demos of Dollars.com remotely. The user clicks a link with the username and password coded to enter the software app.
Go Microsoft!
__________________
Regards, Rick Latona http://latonas.com Latona's - We Sell Money Making Web Properties Note to buyers of websites and traffic: please check our inventory at http://latonas.com/websites-for-sale. If you would like to make an offer on something, just let me know. |
|
|
|
|
02-03-2004, 09:06 AM
|
#12 |
|
Confirmed User
Join Date: Sep 2003
Location: President/CEO - iStripper.com
Posts: 1,164
|
lol
__________________
WWW.ISTRIPPER.COM Unique Desktop Strippers since 1998, 20+ Millions users, 3000+ Girls to choose from, All UHD Exclusive Content. |
|
|
|
|
02-03-2004, 09:47 AM
|
#13 |
|
Guest
Posts: n/a
|
Not good news...
|
|
|
|
02-03-2004, 11:25 AM
|
#14 |
|
Confirmed User
Join Date: Oct 2002
Location: Germany
Posts: 768
|
The security risk is that a user uses that feature and then visits another site from your members section. As referrer you will see the URl including the username and password. I used to surf a lot of porn for free that way ;)
__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60. |
|
|
|
|
02-03-2004, 11:35 AM
|
#15 |
|
Old Timer
Industry Role:
Join Date: Jan 2001
Location: Indianapolis
Posts: 12,208
|
I see a lot of username/passwords in my referrer logs too. People really shouldn't use that feature.
|
|
|
|
|
02-03-2004, 01:07 PM
|
#16 |
|
Confirmed User
Industry Role:
Join Date: Oct 2001
Location: Toronto
Posts: 7,103
|
The update deleted all of my stored passwords, as well. I've spent half the day searching through old emails and printouts.
garce |
|
|
|
