Hijacking user name
-
This has clearly stepped up to a level where it is now affecting the site and the community. In order to project our members and our site we're talking to our legal counsel to take the appropriate next steps.
cheers, Chris Maunder
CodeProject.com : C++ MVP
With those next steps, please strip HTML tags out of user names and don't allow it in the future. Validate all existing user names and rename the ones with html tags as "Member<
memership no>", like how it would look immediately after registration.Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
-
With those next steps, please strip HTML tags out of user names and don't allow it in the future. Validate all existing user names and rename the ones with html tags as "Member<
memership no>", like how it would look immediately after registration.Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
Rajesh R Subramanian wrote:
rename the ones with html tags as "Member",
Not necessary. Just strip out the HTML tags and whatever remains would be the Member Name. Why do we want to do an extra string replacement?
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare -
Rajesh R Subramanian wrote:
rename the ones with html tags as "Member",
Not necessary. Just strip out the HTML tags and whatever remains would be the Member Name. Why do we want to do an extra string replacement?
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare -
Vasudevan Deepak Kumar wrote:
Not necessary. Just strip out the HTML tags and whatever remains would be the Member Name. Why do we want to do an extra string replacement?
Because you would wind up with lots of duplicates. Cheers, Drew.
Like Troll
TrollTroll With whatever I suggested, everything would be Troll. It would only ambiguate it further. Is my understanding correct? Fine. In that case, I think, we should be RESETting to the 'Just-After-Signup' state.Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare -
Okay, this needs to be fixed NOW. I haven't even bothered talking to him and he wants to hijack my name???WTF?
Shhhhh..... http://craptasticnation.blogspot.com/[^]
leckey wrote:
VERY UPSET
You need not get upset because of such retarded cases. They are actually jeopardizing the tranquility of community at large. I really wonder, what do they gain with such a sadistic attitude of corrupting the messageboards with invalid content. Anyway, you would have already observed a few posts down that Chris is trying to rope in a few lawyers and legal counsel to bring sanity over the storm-affected areas.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare -
Like Troll
TrollTroll With whatever I suggested, everything would be Troll. It would only ambiguate it further. Is my understanding correct? Fine. In that case, I think, we should be RESETting to the 'Just-After-Signup' state.Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare<font face="Arial", color="Red">Display Name</font> != <font face="Book Antiqua", color="Green">Display Name</font> If you strip off the HTML tags, they both will become essentially the same string, "Display Name" and collide, as we cannot have duplicate display names. With HTML tags, they are not the same, and so we don't have duplicates. So, I suggested renaming the display name to Member<membership no> in case of collisions.
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
-
leckey wrote:
VERY UPSET
You need not get upset because of such retarded cases. They are actually jeopardizing the tranquility of community at large. I really wonder, what do they gain with such a sadistic attitude of corrupting the messageboards with invalid content. Anyway, you would have already observed a few posts down that Chris is trying to rope in a few lawyers and legal counsel to bring sanity over the storm-affected areas.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William ShakespeareVasudevan Deepak Kumar wrote:
bring sanity over the storm-affected areas.
:wtf:
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
-
<font face="Arial", color="Red">Display Name</font> != <font face="Book Antiqua", color="Green">Display Name</font> If you strip off the HTML tags, they both will become essentially the same string, "Display Name" and collide, as we cannot have duplicate display names. With HTML tags, they are not the same, and so we don't have duplicates. So, I suggested renaming the display name to Member<membership no> in case of collisions.
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
Thank you for clarifying. :)
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William Shakespeare -
This has clearly stepped up to a level where it is now affecting the site and the community. In order to project our members and our site we're talking to our legal counsel to take the appropriate next steps.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris Maunder wrote:
In order to project our members and our site we're talking to our legal counsel to take the appropriate next steps.
Projecting the members and the site seems to be a good idea; you may also want to consider protecting them as well. Running low on coffee lately? :-D
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
-
This has clearly stepped up to a level where it is now affecting the site and the community. In order to project our members and our site we're talking to our legal counsel to take the appropriate next steps.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Good to hear. I also agree with the other posts about not allowing HTML in the user name field. For those user names that already have HTML, with fair warning to give people enough time to remove the HTML themselves, a simple one-time process to revert them back to the original "Member [id]" would work just fine.
Scott Dorman
Microsoft® MVP - Visual C# | MCPD President - Tampa Bay IASA Hey, hey, hey. Don't be mean. We don't have to be mean because, remember, no matter where you go, there you are. - Buckaroo Banzai
-
With those next steps, please strip HTML tags out of user names and don't allow it in the future. Validate all existing user names and rename the ones with html tags as "Member<
memership no>", like how it would look immediately after registration.Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
I guess the thing is, at what point do we stop most of the users from having some fun, based on the actions of a few ?
Christian Graus Please read this if you don't understand the answer I've given you "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
-
I guess the thing is, at what point do we stop most of the users from having some fun, based on the actions of a few ?
Christian Graus Please read this if you don't understand the answer I've given you "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
Christian Graus wrote:
I guess the thing is, at what point do we stop most of the users from having some fun, based on the actions of a few ?
That's an understandable position. I still believe the user names shouldn't allow HTML, but another alternative is to not use the HTML tags in determining uniqueness. This will prevent members from using the same user name as someone else while still allowing the "fun" of having funky (and in some cases hard to read) names. Even taking this approach, a one-time scrub, given enough warning, which looks for duplicates without using the HTML tags is probably appropriate. This would reset any duplicates to the "Member [id]" setting, except possibly for the user with the oldest join date.
Scott Dorman
Microsoft® MVP - Visual C# | MCPD President - Tampa Bay IASA Hey, hey, hey. Don't be mean. We don't have to be mean because, remember, no matter where you go, there you are. - Buckaroo Banzai
-
I guess the thing is, at what point do we stop most of the users from having some fun, based on the actions of a few ?
Christian Graus Please read this if you don't understand the answer I've given you "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
I agree on that point and I never looked at it that way. But, this does not mean that the overall security of the site has to be compromised in order to let people have fun. Either HTML tags should be disallowed, or only the text and not the HTML tags should be considered as user name. Same text with different HTML tags should not be allowed.
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
-
Rajesh R Subramanian wrote:
rename the ones with html tags as "Member",
Not necessary. Just strip out the HTML tags and whatever remains would be the Member Name. Why do we want to do an extra string replacement?
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
All the world's a stage, And all the men and women merely players. They have their exits and their entrances; And one man in his time plays many parts... --William ShakespeareBut, logically speaking that could produce duplicate user names. By using the uniqueID of the membership then it will lead to less confusion and less possibility of error.
Regards, Thomas Stockwell Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Visit my homepage Oracle Studios Discounted or Free Software for Students: DreamSpark - downloads.channel8.msdn.com MSDN Academic Alliance - www.msdnaa.com
-
I agree on that point and I never looked at it that way. But, this does not mean that the overall security of the site has to be compromised in order to let people have fun. Either HTML tags should be disallowed, or only the text and not the HTML tags should be considered as user name. Same text with different HTML tags should not be allowed.
Nobody can give you wiser advice than yourself. - Cicero .·´¯`·->Rajesh<-·´¯`·. Codeproject.com: Visual C++ MVP
This is how it's done. We simply had a bug in the system.
cheers, Chris Maunder
CodeProject.com : C++ MVP