Loading Profile...
NING Bug to impersonate any user
There is a bug that allows changing a link to log you in as any user. Is this being fixed? Maybe with some sort of encryption?
IE, the user is logged into Ning so the link currently captures their ning id and logs them in as that. Unfortunately, their ning id is clearly decipherable in the link so they just change the id to whatever they want and voila - somebody else's name. So what I'm saying is that instead of displaying the user id clealy in the link that it uses some form of encryption so that 99% won't be able to manually change the id cause they 1) can't find it or 2) can't encrypt a fake one.
IE, the user is logged into Ning so the link currently captures their ning id and logs them in as that. Unfortunately, their ning id is clearly decipherable in the link so they just change the id to whatever they want and voila - somebody else's name. So what I'm saying is that instead of displaying the user id clealy in the link that it uses some form of encryption so that 99% won't be able to manually change the id cause they 1) can't find it or 2) can't encrypt a fake one.
3
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
The company has acknowledged this problem.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Good idea. Is this a serious problem to you in your Ning network?
-
Inappropriate?It is one thing that people are saying makes them reluctant to use the chat. They say instead that they want to use something like icamchatlive (which I wanted you blendapps employees to look at for its features, so you can add some in) so that no one pretends to be them and starts drama. -
Inappropriate?Understood. At the moment the focus is on easy-to-use/easy-to-install chat, but I will see what I can do to implement the feature you asked for (sorry to say I cant promise a date though).
-
Inappropriate?Unfortunately this is now being exploited for people who are not logged in (or who have been banned etc) in order for them to enter the chat despite being undesirable and banned.
-
This reply was removed on 08/11/09.
see the change log -
Inappropriate?Where do you put this in the button code?
menubar=no,status=no,toolbar=no -
Inappropriate?Banned users are exploiting this security loophole and cloning profiles and spamming our chatrooms. And/or coming in with no pic or profile this way. Virtually unstoppable.
-
-
Inappropriate?I had 15 cloned profiles in my userplane ning chatroom today. Some were spamming and all were suspected "banned" users. This is becoming a SERIOUS problem.
I’m STILL FRUSTRATED
-
Inappropriate?Still getting this problem.
-
Inappropriate?Yep, same here. Makes chatting absolutely no fun whatsoever. And people whose profiles are getting cloned are understandably upset and most are leaving our site...
I’m still...um......FRUSTRATED!
EMPLOYEE
