Breadcrumbs are not secured?


Willem Karssenberg

Jan 3, 2011, 5:27:12 PM
to google-brea...@googlegroups.com
I think it's too bad that one can change others' breadcrumbs by just changing the URL!
I changed:
http://breadcrumb.googleusercontent.com/view?id=ag5nbGFiczIwLXBhdmxvdnIOCxIFU3RvcnkY2oOOAQw
in:
http://breadcrumb.googlelabs.com/read?id=ag5nbGFiczIwLXBhdmxvdnIOCxIFU3RvcnkY2oOOAQw
and was able to enter code!
So the breadcrumbs don't seem to be secured.
I really hope Google will do something about this!
In the meantime I suggest to all of you to make a backup of your coding.

Singularity Utopia

Jan 3, 2011, 6:39:12 PM
to Google Breadcrumb Developers
Thanks for the warning, yes you are correct, people can edit the
breadcrumbs of other people. New data can be entered by anybody and
saved for the breadcrumb of anybody! The breadcrumbs are *completely
insecure*. I have now backed up my breadcrumbs. Fingers crossed I hope
nobody vandalizes my breadcrumbs.

Simply by using the URL with "read" in it instead of "view" anyone can
edit the breadcrumb of anyone else.

Can someone contact Google about this asap?



Willem Karssenberg

Jan 4, 2011, 6:02:31 AM
to Google Breadcrumb Developers
Well it's an Open Source project after all, but this is a little bit
too open:-)

On 4 jan, 00:39, Singularity Utopia <singularity.uto...@yahoo.com>
wrote:

Adam Blinkinsop

Jan 4, 2011, 12:53:48 PM
to google-brea...@googlegroups.com
Whoa, sorry about that! This was fixed, and apparently *un-*fixed by
mistake. Should be good now. Thanks for pinging the list!

(Open source note: We're working on getting the compiler itself
(Breadcrumb -> HTML+JS) available for everyone to use ASAP.)

--
Adam Blinkinsop <bli...@google.com>

Sarah Carr

Jan 4, 2011, 1:45:10 PM
to google-brea...@googlegroups.com
We're now open-sourced!

--
Sarah A. Carr
Instructional Designer
engEDU (http://engedu)


Johnson, Kurt L

Jan 4, 2011, 1:47:58 PM
to google-brea...@googlegroups.com
Woohoo! Thank you Adam! :)

--Kurt

Johnson, Kurt L

Jan 4, 2011, 1:48:30 PM
to google-brea...@googlegroups.com

Woohoo! Sarah, you are my hero!

--Kurt

From: google-brea...@googlegroups.com [mailto:google-brea...@googlegroups.com] On Behalf Of Sarah Carr
Sent: Tuesday, January 04, 2011 12:45 PM
To: google-brea...@googlegroups.com
Subject: Re: Breadcrumbs are not secured?

We're now open-sourced!

Adam Blinkinsop

Jan 4, 2011, 1:52:07 PM
to google-brea...@googlegroups.com
We're heroic, awesome!

Ok, usage notes for the open source-ness:
* Code that's available is *everything you need* to write this stuff.
* However, it requires some things, namely:
  * Python 2.4+ (haven't tested with 3.0 yet, but 2.6 should be good)
  * PyParsing 1.5 (http://pypi.python.org/pypi/pyparsing)
  * Markdown 2.0 (http://pypi.python.org/pypi/Markdown)
* bcc.py is a _library_, but if people think it'd be useful, I can make it
  a command-line tool.

Johnson, Kurt L

Jan 4, 2011, 2:10:12 PM
to google-brea...@googlegroups.com
Yes you are! A command line tool would be even more awesome-er! :)
Thanks Adam!
--Kurt

Sarah Carr

Jan 4, 2011, 2:11:54 PM
to google-brea...@googlegroups.com
Kurt, you're just too kind. We hope that it's useful!

Adam Blinkinsop

Jan 4, 2011, 3:33:13 PM
to google-brea...@googlegroups.com
Alright! bcc.py is now a command line tool:

$ bcc.py your-script.txt
Compiled 'your-script.txt' to 'your-script.txt.html'.

See https://code.google.com/p/google-breadcrumb/source/browse/src/bcc.py

Johnson, Kurt L

Jan 4, 2011, 3:35:41 PM
to google-brea...@googlegroups.com
And then it got even awesome-er-er! :) Thank you Adam!

-----Original Message-----
From: google-brea...@googlegroups.com
[mailto:google-brea...@googlegroups.com] On Behalf Of Adam
Blinkinsop
Sent: Tuesday, January 04, 2011 2:33 PM
To: google-brea...@googlegroups.com
Subject: Re: Breadcrumbs are not secured?

Adam Blinkinsop

Jan 4, 2011, 3:51:23 PM
to google-brea...@googlegroups.com
No problem. Let me know if you have issues with this working.

(You might run "python setup.py test" first.)

Willem Karssenberg

Jan 4, 2011, 4:45:10 PM
to Google Breadcrumb Developers
Great news!
Will make a new blogpost about it on trendmatcher.nl

Willem Karssenberg

Jan 4, 2011, 5:36:56 PM
to google-brea...@googlegroups.com
Nice fix!
Now you can still open the code of someone's breadcrumb and copy it, but you cannot change the code and save it.
I like that because I learn a lot from breadcrumbs other people have made.
Compliments for the fast fix AND for bringing it to open source.
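
The behaviour described in this message (anyone can open a story's source, only its owner can save changes) comes down to a server-side ownership check that does not depend on which URL was requested. The sketch below is an added example, not Breadcrumb's own code; `Stories`, `handle`, `regression_check`, the "save" route and the sample users are assumptions. It checks every route as every kind of caller because the thread says the fix was once undone by mistake.

```python
# Added example (not Breadcrumb's code): all names and sample data are hypothetical.

class Forbidden(Exception):
    """The caller is not allowed to modify this story."""


class Stories:
    """In-memory stand-in for the story datastore."""

    def __init__(self):
        self._rows = {}  # story_id -> {"owner": ..., "source": ...}

    def add(self, story_id, owner, source):
        self._rows[story_id] = {"owner": owner, "source": source}

    def source(self, story_id):
        return self._rows[story_id]["source"]

    def save(self, story_id, user, new_source):
        # The owner check sits in the one function every write goes through,
        # so no route can reach the datastore without it.
        row = self._rows[story_id]
        if user is None or user != row["owner"]:
            raise Forbidden(story_id)
        row["source"] = new_source


def handle(stories, route, story_id, user=None, body=None):
    """Dispatch a request; `user` comes from the session, never from the URL."""
    if route in ("view", "read"):          # anyone may open or copy the source
        return 200, stories.source(story_id)
    if route == "save":                    # only the owner may change it
        try:
            stories.save(story_id, user, body)
        except Forbidden:
            return 403, "forbidden"
        return 200, "saved"
    return 404, "not found"


def regression_check(stories, story_id, owner):
    """Try every route as every kind of caller; return the ones that changed
    the story without being its owner (an empty list means the fix holds)."""
    leaks = []
    for user in (None, "someone-else", owner):
        for route in ("view", "read", "save"):
            before = stories.source(story_id)
            handle(stories, route, story_id, user=user, body="edited by %s" % user)
            if stories.source(story_id) != before and user != owner:
                leaks.append((route, user))
    return leaks
```
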

Adam Blinkinsop

Jan 4, 2011, 5:38:53 PM
to google-brea...@googlegroups.com
Thanks!

On 2:36 pm, Willem Karssenberg <w.kars...@gmail.com> wrote:
> Nice fix! Now you can still open the code of someone's breadcrumb and
> copy it, but you cannot change the code and save it. I like that because
> I learn a lot from breadcrumbs other people have made. Compliment for
