Security
1 view
Skip to first unread message
keanu2000
Oct 12, 2008, 9:27:55 AM10/12/08
to privnote-tech, linux...@hotmail.it
Hi to all!
I tried your service to send a private note, but there is a problem of
security in your system as follows:
1) I create my note.
2) Then i copy the url and see the message, or "destroy it now". Well
i think that the message was destroyed.
3) But if i click on back button of my browser (firefox 3.0.3), after
3 clicks on "back" i see again the note destroyed.
So for poeple that use shared computers (internet cafè and whatever)
this is a great problem of security. Can you update your system to fix
the bug?
Thanks.
Best regards.
Vincenzo Errico
I tried your service to send a private note, but there is a problem of
security in your system as follows:
1) I create my note.
2) Then i copy the url and see the message, or "destroy it now". Well
i think that the message was destroyed.
3) But if i click on back button of my browser (firefox 3.0.3), after
3 clicks on "back" i see again the note destroyed.
So for poeple that use shared computers (internet cafè and whatever)
this is a great problem of security. Can you update your system to fix
the bug?
Thanks.
Best regards.
Vincenzo Errico
Pablo Hoffman
Oct 20, 2008, 5:49:57 PM10/20/08
to privnote-tech
Thanks for your report Vincenzo. After some investigation we found
that this was caused by some Firefox feature which auto completes
forms when you "go back" to them. We were able to fix it with the help
of some Javascript hack. We recognize this is not a portable solution
(other browsers may behave differently) and this JS hack is not cross-
browser, but we still think it's worth introducing it since the
problem you mentioned imposes a somewhat important privacy concern. So
this was fixed by introducing a hack that "blocks" this feature from
Firefox 3, but others browsers may still suffer from this very subtle
"bug". However browsers consider this a feature, not a bug :).
We're still investigating how to block this feature in other browsers.
Pablo.
that this was caused by some Firefox feature which auto completes
forms when you "go back" to them. We were able to fix it with the help
of some Javascript hack. We recognize this is not a portable solution
(other browsers may behave differently) and this JS hack is not cross-
browser, but we still think it's worth introducing it since the
problem you mentioned imposes a somewhat important privacy concern. So
this was fixed by introducing a hack that "blocks" this feature from
Firefox 3, but others browsers may still suffer from this very subtle
"bug". However browsers consider this a feature, not a bug :).
We're still investigating how to block this feature in other browsers.
Pablo.
Reply all
Reply to author
Forward
0 new messages