security : LUSENET : MARP Editors : One Thread

I just stumbled across a web page (called '.meep.html') which contains the password for this board. It would be better for security reasons if the password wasn't made available on the web.

Any page used to access a MARP page will leave its URL (however obscure and unguessable) in the hit counter pages, where it can be accessed for a while by anyone clicking on the counter. will send you a cookie when you log into this board, so you shouldn't have to keep typing the password. Alternatively, a personal bookmark (or a copy of .meep.html on your own hard disk) would be safer.


-- Anonymous, July 05, 2001


That's mine, heh. Thanks for adding the cookie savers. I access too many computers to keep updating bookmarks, but that leaves these security holes open, hopefully this one can be closed if the password gets stored in the cookie. That .meep.html REFERENCE should have only showed up at marp or greenspun sitelogs, but i'd be glad to delete the pasword from the page now that cookies are saved. Earlier I wasn't able to login with out the password (i believe the cookies didn't save passwords to protected boards...)

-- Anonymous, July 06, 2001

The URL of your .meep page also (still) shows up here, which is publically available - click the counter in MARP's banner frame, then the 'how' link to get there yourself:

(I was just about to link that, but that would probably have the same issues associated with it...)


-- Anonymous, July 06, 2001

i'm ok with it showing up, as long as you're ok with it, the .meep page doesn't have a password in it now, so i think all of those links on those pages can be gotten to by other users but they'll need the user level cookie access to use most of them...

-- Anonymous, July 07, 2001

Cookies are NOT used for the greenspun sites, this means you DO have to type in the damn password (for each IE session) when going to secure boards. I guess i'll have to just add it to bookmarks... how do we get greenspun to use cookies?

-- Anonymous, July 09, 2001

My solution is to use Opera instead of IE. It's smaller, faster, less buggy and remembers which URLs you are visiting between runs. Visit the editor's board once, and you can stay there for ever...

As for how you get Mr. Greenspun to do anything, I don't know. I don't think he's interested in maintaining this board.


-- Anonymous, July 10, 2001

Moderation questions? read the FAQ