lnr ([personal profile] lnr) wrote 2003-02-14 01:53 pm

Valentines

OK so in the end I did have a go with the LVS. Oddly enough (when I finally got the notification, well done to Steve the author for sorting that out quickly and graciously) I found ewx and I had nominated each other. Neither of my two other nominees had nominated me back though. And I apparently have two mystery admirers. Wonder if they're brave enough to tell me who they are? You never can tell if I might not have been interested anyway, just out of slots.

[identity profile] saraphale.livejournal.com 2003-02-14 05:58 am (UTC)(link)
What's LVS?

[identity profile] saraphale.livejournal.com 2003-02-14 06:22 am (UTC)(link)
Ah well, no matter.

[identity profile] daneel-olivaw.livejournal.com 2003-02-14 06:01 am (UTC)(link)
And I apparently have two mystery admirers.

I seem to have one of those... Dammit, this double-blind thing is most irritating! [confused now]

[identity profile] j4.livejournal.com 2003-02-14 07:36 am (UTC)(link)
I'd just like to point out that I didn't do the LJ valentine thingy at all, so I'm sorry if you nominated me and didn't get a nomination back. (There ought to have been a way of at least checking if the person you've nominated has participated at all...)

*hugs*

[identity profile] dennyd.livejournal.com 2003-02-16 06:42 am (UTC)(link)
A friend of mine was poking around the code looking for security holes and claimed to have found out a way to check if a given lj user had taken part. They correctly named the one who had out of the three in the room at the time, so I'm fairly convinced they were telling the truth. This was an exploit rather than a feature though  :)

[identity profile] ewx.livejournal.com 2003-02-17 01:00 pm (UTC)(link)

(Looks) yes, that should be really easy. The URL has a username and an opaque string in it; replace the username with the one you want and the opaque string with any old rubbish. If the user exists, you'll get one message, if they don't you'll get a different one. Voila.

The code to choose the hex string is rather poor too.

I believe that a better approach would be to encrypt the username using a secret key with a symmetric cipher, and quote the result (and not the username) in the URL sent back by join.cgi. If the value received by validate.cgi decrypts to a known username, proceed for that user; if not then send back an error.

I notice lots of clone and hack in validate.cgi, where he ought to be using a loop. Yuck!
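
The encrypted-username link suggested in the comment above, as an added example in Go that is not part of the thread and not the LVS code. It assumes AES-GCM as the symmetric cipher, chosen because an authenticated mode makes any altered token fail to decrypt; the function names and the `participants` map are hypothetical. Every failure returns the same error, so the response no longer shows whether a given user took part.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

var errInvalid = errors.New("invalid link") // the only error a caller ever sees

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeToken builds the opaque value the join step puts in the URL; the username itself is not sent.
func MakeToken(aead cipher.AEAD, username string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(username), nil) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// ValidateToken is the validate step: decrypt, then check the result is a known participant.
func ValidateToken(aead cipher.AEAD, token string, participants map[string]bool) (string, error) {
	n := aead.NonceSize()
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < n {
		return "", errInvalid
	}
	user, err := aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil || !participants[string(user)] {
		return "", errInvalid // forged, altered and unknown-user tokens look identical
	}
	return string(user), nil
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, for the demo only
	tok, _ := MakeToken(aead, "alice")   // "alice" is a constructed sample username
	fmt.Println(ValidateToken(aead, tok, map[string]bool{"alice": true}))
}
```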