MozillaZine

Full Article Attached New MozillaZine Member Area

Saturday January 2nd, 1999

UPDATE BELOW! (1/3/98)

MozillaZine now has a member area, and a number of other new features!

Membership in mozillaZine is free, and confidential. Your information is displayed only if you specifically want it displayed.

To read more about the membership, and what it offers you, click "Full Article" below.

To sign up, just click "members" on the navbar at right. All that we require is a valid email address to confirm the account. Please note that if you enter a bogus email address, or an email address that you don't have access to, you will not be able to validate your account.

If you find any bugs, please submit them here: mozineBugs@mozillazine.org. Don't post them in the forum, please!

UPDATE!If you created a bio page, and were wondering why it didn't show up, it was because a slight change I made to the template was not uploaded properly. To fix the problem, go to the members area, edit your bio page, and just click the "Alter Account" button. Your page should generate properly. Sorry!

Also, we've created a new option in the members area for people who don't believe they've received a validation message. (We've gotten no bug reports about this, but with the flaky weather the past few days, it's better to be safe than sorry.) Just enter your login and password, and a new validation message will be sent to your email address. This feature won't work if you're already validated.


#18 Re: C is for cookie.. (good enough for me)

by Waldo

Monday January 4th, 1999 10:07 PM

You are replying to this message

I'm a little confused.. what's the liability factor?

Let's say, worst case, someone exploits some horrible cookie bug and is able to steal someone elses "identity" - what could happen, worst-case?

Well, they could post as you...whoop de do. The accounts are more or less anonymous anyway so I don't see how that's a big deal. If you used the same login/pass for other accounts, I guess they could try there too. That's their fault.

But really, couldn't they grab your identity by countless other known methods? (sniffing the unencrypted password along the pipe for example). How is not using cookies any safer?

What kind of liability is involved for you if they're exploiting a bug you didn't know about and had no way of knowing about? I don't see how using cookies makes you negligable... I mean, everyone uses 'em.

Finally, whatever the liability (real or imagined), couldn't you just put a disclaimer (as part of your membership policy) that you won't be held accountable for this kind of thing?

I dunno. Maybe I'm totally offbase..? Yer site, yer choice obviously.

W

PS-- any way to get a "preview" button instead of just "SUBMIT" at the bottom, kinda like /. ?

PPS-- whoa.. accidentally typed my login into the first two text fields..that would have given it away even easier, eh?

PPPS-- The site is getting cooler and cooler every time I log in!

PHEW!