Subject:
|
Re: Part Voting Issue
|
Newsgroups:
|
lugnet.cad.dev.org.ldraw
|
Date:
|
Fri, 28 Jun 2002 15:28:27 GMT
|
Viewed:
|
1157 times
|
| |
|
|
In lugnet.cad.dev.org.ldraw, Paul Easter wrote:
> In lugnet.cad.dev.org.ldraw, Steve Bliss writes:
> > In lugnet.cad.dev.org.ldraw, Ross Crawford wrote:
> >
> > > I'd definitely want the destination address locked, probably not even
> > > displayed (just the name / user code), and a fixed subject line, too eg
> > > "Review of part xxxx", to disuade people from using it for anything other
> > > than PT email.
> >
> > Yes, we would not display the destination email address, just the
> > destination Parts Tracker userid.
> >
> > Good idea on the fixed subject line. Although it wouldn't be hard to
> > hack the form, if the locking is just enforced by the HTML code.
>
> Sounds good to me. If someone does hack it, we need to get it reported. Then
> we can disable it for awhile.
By "hack", I just meant that someone could view the message page, save
the HTML source to their hard drive, and modify the fields in the form
to allow them to input userid and subject line. In order to use this
hacked form, they'd still need to be a logged-in parts tracker user. So
the potential for abuse is fairly small.
Steve
|
|
Message is in Reply To:
14 Messages in This Thread:
   
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
