Off topicavatars| Author | Post | |||
r3d5pik3  |
we need avatars |
|||
 30.06.2004 19:38:07 |
|
|||
|MasterMind|  |
Yeah  MM (O_o) |
|||
 30.06.2004 19:39:32 |
|
|||
Erik   |
Hi, good idea I already thought of but I wan't to let people load up their own ones. That's no problem at all but I thought about something coming along with this and that still needs some thinking. bye, Erik  |
|||
|
30.06.2004 20:01:47 |
|
|||
theblacksheep    |
avatars are always a little bit "hot". many exploits exist that make use of bad filtering in the avatar option. |
|||
|
01.07.2004 03:45:39 |
|
|||
|
r3d5pik3 |
not really only avatar exploit is the infamous *.swf avatar exploit that lets you insert javascript to implement cookie stealers there are ways to make dynamic avatars but its impossible for them to munch on cookies or run javascript unless there *.swf |
|||
|
01.07.2004 04:53:26 |
|
|||
paralax         |
Then only allow bmps... or other predetermined file fromats. I don't think you can do too much with a bmp. |
|||
 02.07.2004 07:25:00 |
|
|||
|
r3d5pik3 |
you cant do much with any picture format you can run code in a pic but the code gets executed server side on the server that hosts the pic the pic cant grab cookies because its only possible to grab cookies from yur own server *sigh* |
|||
|
02.07.2004 08:03:11 |
|
|||
quangntenemy      |
YES! I can grab the IP address of anyone seeing my jpg image! |
|||
 02.07.2004 13:30:50 |
|
|||
|
r3d5pik3 |
yah but who cares about there IP and its not like you know whos is whos. and what would you do with an ip? other than script kiddie stuff that most likely wont work on the person? but for all you know it can be yur ip |
|||
|
02.07.2004 18:09:59 |
|
|||
|
|MasterMind| |
^ MM (O_o) |
|||
|
02.07.2004 18:21:54 |
|
|||
private message
EMail
Website