Hi
I'm having problems uploading an avatar.
Is there a type of file it has to be? Trying .jpg
Image is 100X72 pix
Tried doing it straight to this site and tried using host URL.
Just get the wee box with X
The image is;
AFAIK there was a problem with the BBS that hackers would use the avatar function to store illegal and undesired material, thus it had to be turned off.
Thanks Screet at least I know I.m only a wee bit silly then.
But what does AFa... as I typed it I got it.
How can someone store stuff in an avatar?
On second thought Na I don't wont to know that.
AFAIK there was a problem with the BBS that hackers would use the avatar function to store illegal and undesired material, thus it had to be turned off.
Screet
Then how did those people with avatars get them?
Dream as if you'll live forever
Live as if you'll die tomorrow
Wouldn't a sanity-check for file size and type be enough to prevent that kind of abuse? Seems to me that ought to be a standard feature of any BB software. Heck, any code I ever wrote always checked user input for validity before accepting it... and that was 20 years ago...
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
Wouldn't a sanity-check for file size and type be enough to prevent that kind of abuse? Seems to me that ought to be a standard feature of any BB software. Heck, any code I ever wrote always checked user input for validity before accepting it... and that was 20 years ago...
If security and sanity were a goal, it wouldn’t be written in PHP… but I, for one, have no interest in taking on BB software as yet another side project. :-)
(Actually, come to think of it, the phpBB people blamed the problem on some other piece of software, which may or may not also be running on Giles’s server; I asked, but didn’t get a reply. File size isn’t relevant, since the problem was a small set of scripts.)
What about enabling THIS option in the phpBB settings?
Another forum I hang out on which also uses phpBB allows you to link to an avatar stored offsite.. it seems to me this would solve the problem in a way that's of no use to hackers.
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
I'm a malicious hacker. I create a JPG or other image that has known exploits, and include the exploit. I host it via Flickr, Photobucket, or Bill & Ted's Excellent Photo Hosting Service. I set this as my Avatar. And I start posting all over the forums....
Also, I discovered that this forum has a set of avatars already uploaded. That's where my current, very nice one comes from. Is it possible that we could submit avatars of a similar style to the admins for approval and have them added to the list?
Dream as if you'll live forever
Live as if you'll die tomorrow
Also, I discovered that this forum has a set of avatars already uploaded. That's where my current, very nice one comes from. Is it possible that we could submit avatars of a similar style to the admins for approval and have them added to the list?
This would work for me...
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
<tech>
When a programmer fails to write the required checks :>, a bunch of malicious data can be used to overvride (almost)wildly a memory area succeeding in getting some evil code executed, it's a bit of wizardry that
requires to know low level computer programming.
BTW, Apple iPhones an iPod Touch where jailbroken this way...
</tech>
Sniff, I miss Eastern Gianozia People Republic Ltd. crest ); ...
Cmdr. Saint, Golden Gladstone with 4 leaves Clovers of the Most Noble Order or The B.D.c.
