PHP is not being executed in my sig, it's being executed on a remote site.
Yeah, but the code in your sig calls the script - your script - on the remote site, correct? Presumably if you can do this in your sig, other people could do it for less 'friendly' purposes.
One exploit could be to try to upload session cookies from the browser? Not saying that you are doing this, just that if your script can be executed, illdoers could get their scripts in there. To tell you the truth, I'm a bit paranoid when someone could be collecting my IP address anyway.
Yeah, but the code in your sig calls the script - your script - on the remote site, correct? Presumably if you can do this in your sig, other people could do it for less 'friendly' purposes.
One exploit could be to try to upload session cookies from the browser? Not saying that you are doing this, just that if your script can be executed, illdoers could get their scripts in there. To tell you the truth, I'm a bit paranoid when someone could be collecting my IP address anyway.
1) There is no way my code can interfere with the code of the MCF.
2) I do not store the IPs that my image finds.
3) If you're afraid of others having your IP address, get off of the internet. Any site has the ability to do that.
Yeah, but the code in your sig calls the script - your script - on the remote site, correct? Presumably if you can do this in your sig, other people could do it for less 'friendly' purposes.
One exploit could be to try to upload session cookies from the browser? Not saying that you are doing this, just that if your script can be executed, illdoers could get their scripts in there. To tell you the truth, I'm a bit paranoid when someone could be collecting my IP address anyway.
1) There is no way my code can interfere with the code of the MCF.
2) I do not store the IPs that my image finds.
3) If you're afraid of others having your IP address, get off of the internet. Any site has the ability to do that.
I'm not saying your code does that, but its a proof of concept that someone else could.
Point 3. Generally I get to choose which sites gets my ip address, by choosing which sites I visit. Adblock also comes in handy. On this forum at least, your script removes that choice.
So, I'm not about to get off the internet, and I was just mentioning your script as an example, but since you put it the way you did, I'll hope that your script gets removed from this site.
No, they can't access any secure data here. It's fine, it's been done since the beginning of time.
Cool, but I reckon there will be problems if you allow external scripts to be executed here....
If you want to cover you ass legally in the meantime:
Minecraft Forum users agree that the forum operators (add your legal entity) may expressly allow other forum users to collect your internet protocol address for purposes not expressly included in the forum conditions including cross-matching with Minecraft.net usernames that are the property of Mojang Specifications SVRL(sic) Ltd.
Cool, but I reckon there will be problems if you allow external scripts to be executed here....
If you want to cover you ass legally in the meantime:
Minecraft Forum users agree that the forum operators (add your legal entity) may expressly allow other forum users to collect your internet protocol address for purposes not expressly included in the forum conditions including cross-matching with Minecraft.net usernames that are the property of Mojang Specifications SVRL(sic) Ltd.
There aren't going to be any legal problems. People have dynamic sigs all the time. For example,
• Game stats
• Those things that show you what browser you're using
• "Give an internet" sigs
Anyway, even if they wanted to [which they don't] they couldn't stop dynamic images [and they won't].
Cool, but I reckon there will be problems if you allow external scripts to be executed here....
If you want to cover you ass legally in the meantime:
Minecraft Forum users agree that the forum operators (add your legal entity) may expressly allow other forum users to collect your internet protocol address for purposes not expressly included in the forum conditions including cross-matching with Minecraft.net usernames that are the property of Mojang Specifications SVRL(sic) Ltd.
Please tell me how you expect the people that use status scripts will act?
Also, just for you, I'm implementing a new feature in my status script called "session id gui interface in visual basic".
350125
memberlist.php?mode=viewprofile&u=26212
This sig seems to cause execution of http://d3-serv.net/dehodson/derp.php
When I browse a post with this sig my IP address is displayed back as an image, maybe it also tries to link the IP address to your minecraft account.
350125
Yeah, but the code in your sig calls the script - your script - on the remote site, correct? Presumably if you can do this in your sig, other people could do it for less 'friendly' purposes.
One exploit could be to try to upload session cookies from the browser? Not saying that you are doing this, just that if your script can be executed, illdoers could get their scripts in there. To tell you the truth, I'm a bit paranoid when someone could be collecting my IP address anyway.
350125
1) There is no way my code can interfere with the code of the MCF.
2) I do not store the IPs that my image finds.
3) If you're afraid of others having your IP address, get off of the internet. Any site has the ability to do that.
I'm not saying your code does that, but its a proof of concept that someone else could.
Point 3. Generally I get to choose which sites gets my ip address, by choosing which sites I visit. Adblock also comes in handy. On this forum at least, your script removes that choice.
So, I'm not about to get off the internet, and I was just mentioning your script as an example, but since you put it the way you did, I'll hope that your script gets removed from this site.
350125
Cool, but I reckon there will be problems if you allow external scripts to be executed here....
If you want to cover you ass legally in the meantime:
Minecraft Forum users agree that the forum operators (add your legal entity) may expressly allow other forum users to collect your internet protocol address for purposes not expressly included in the forum conditions including cross-matching with Minecraft.net usernames that are the property of Mojang Specifications SVRL(sic) Ltd.
350125
There aren't going to be any legal problems. People have dynamic sigs all the time. For example,
• Game stats
• Those things that show you what browser you're using
• "Give an internet" sigs
Anyway, even if they wanted to [which they don't] they couldn't stop dynamic images [and they won't].
Please tell me how you expect the people that use status scripts will act?
Also, just for you, I'm implementing a new feature in my status script called "session id gui interface in visual basic".
Also it's in python.
But you guys have the expertise to know, does the ability to execute remote scripts pose any security issues at all?
Don't have an answer for you on the dynamic images, server status scripts.
350125
They are not the same thing.
The most dangerous things that could happen from dynamic images could also happen from static images.