Security check, check the direct link. [Can't reproduce] - Tiny Chat | Forum

dave Leader
dave Oct 14 '13

Hi, I just got a message from one of my users that said they were able to get into tiny chat without logging into the site. They said they had full access to the site by saving the link to the page and then logging off and just clicking the link.

This obviously could have been caused by a number of reasons: cookie cache, that page set to guest view, and others.

But I wanted to post this because they referred to it as a backdoor, and anytime there is even talk about that I want to mention it for everyone's safety.

So please check your direct link to tinychat and make sure there is no access except for members if that is the way you want it. Just test to be sure...

Also, unfortunately we had a separate incident today where there was an illegal cam show, and so I have terminated the tinychat for now and have reported the users. This is a huge liability not just with tinychat but with all chats that are cam friendly; it just opens the door to huge liability and that is just so sad.

Thanks...

The Forum post is edited by Oxwall Software Nov 13 '13
Oxwall Software
Oxwall Software Oct 16 '13
Thanks for your post Dave.
Just to make sure, the direct URL is sitename.com/tinychat? Or did you mean something else?
dave Leader
dave Oct 16 '13

I sent a reply to the user asking them for the exact URL they had saved, and I have not heard from them. But yes, that is the URL I am assuming.

Oxwall Software
Oxwall Software Oct 23 '13
Let me know if you get a reply from this user.
Tested with the sitename.com/tinychat and wasn't able to reproduce the issue so far.
dave Leader
dave Oct 23 '13
OK, I appreciate your reply and testing... I will try to get more info ASAP...