NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

Friendster Security Hole More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

Friendster (Score:1)

by dws (341)

Through back-channels (Friendster is local), I learned that they have ~40 boxes running Tomcat, and that they have substantial performance problems in-and-around data replication.
- Re:Friendster (Score:3, Interesting)
  
  by Ovid (2709)
  
  Well, I must say that I hope they get these issues ironed out. It's long been known that we can't predict the long-term effects of the 'Net and I think experiments like Friendster are exactly the sort of thing that I like to see while we try and flesh out the new future of communication. I would love to see them succeed.
- Re:Friendster (Score:2)
  
  by Ovid (2709)
  
  Interesting. The was down when I made my post. It's back up and now the password is no longer being sent. Curious timing, but I'm happy to see this :)
Why are you posting this to use.perl? (Score:3, Funny)

by Dom2 (2981) <{dom} {at} {happygiraffe.net}> on 2003.07.19 4:21 (#22261) Homepage Journal

Which also stores usernames and passwords in plain text in a cookie? Well, obfuscated, at least as much as basic-auth is...
Quite shocked me when I looked closely at my slashdot / use.perl cookies.
-Dom

Reply to This
- Re:Why are you posting this to use.perl? (Score:3, Funny)
  
  by Ovid (2709)
  
  I post it to use.perl.org for the same reason others post post plenty of other non-Perl things here: it interests me.
  
  The comment about the use.perl cookie was interesting. I had suspicions about the cookie, but never looked at it that closely. If you really want fun, though, take a look at the full headers. You'll see things like: X-Bender: My full name is Bender Bending Rodriguez. and X-Fry: Hey look, it's that guy you are! .
  - Re:Why are you posting this to use.perl? (Score:2)
    
    by Dom2 (2981)
    
    Sorry; I wasn't serious about the use.perl comment.
    As to the headers, I love 'em. First saw them on slashdot, and I'm thinking about adding something similiar to my latest project now...
    -Dom
- Re:Why are you posting this to use.perl? (Score:2)
  
  by pudge (1)
  
  FWIW: No usernames are stored, the user IDs are. And the MD5 hash of the password, not plaintext, is stored, which can be used to log in if you also have the user ID. Also, there is an option in your password prefs to not store the cookie information.
  
  And you can always click "Logout" to delete your cookie, too.
  
  As to the proper deleting of a cookie: setting the expiration date is the recommended method. In this Netscape doc [netscape.com], for example, it says: If a CGI script wishes to delete a cookie, it can do so b
  - Re:Why are you posting this to use.perl? (Score:2)
    
    by Dom2 (2981)
    
    Thanks for pointing that out; it had been a while since I'd looked at it, I'm guessing that it's been improved in recent versions of slash.
    -Dom

Get More Comments

Reply

use Perl

All the Perl that's Practical to Extract and Report

Navigation

Friendster Security Hole 8 Comments More | Login | Reply /

Please Log In to Continue

Friendster (Score:1)

Re:Friendster (Score:3, Interesting)

Re:Friendster (Score:2)

Why are you posting this to use.perl? (Score:3, Funny)

Re:Why are you posting this to use.perl? (Score:3, Funny)

Re:Why are you posting this to use.perl? (Score:2)

Re:Why are you posting this to use.perl? (Score:2)

Re:Why are you posting this to use.perl? (Score:2)