Valentines

Feb. 14th, 2003 01:53 pm
lnr: Halloween 2023 (Default)
[personal profile] lnr
OK so in the end I did have a go with the LVS. Oddly enough (when I finally got the notification, well done to Steve the author for sorting that out quickly and graciously) I found ewx and I had nominated each other. Neither of my two other nominees had nominated me back though. And I apparently have two mystery admirers. Wonder if they're brave enough to tell me who they are? You never can tell if I might not have been interested anyway, just out of slots.
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Date: 2003-02-14 05:58 am (UTC)
From: [identity profile] saraphale.livejournal.com
What's LVS?

Date: 2003-02-14 06:01 am (UTC)
From: [identity profile] daneel-olivaw.livejournal.com
And I apparently have two mystery admirers.

I seem to have one of those... Dammit, this double-blind thing is most irritating! [confused now]

Date: 2003-02-14 06:17 am (UTC)
lnr: Halloween 2023 (Default)
From: [personal profile] lnr
http://www.steve.org.uk/lvs/ the livejournal valentine system: too late for this year if you missed it though.

Date: 2003-02-14 06:22 am (UTC)
From: [identity profile] saraphale.livejournal.com
Ah well, no matter.

Date: 2003-02-14 07:36 am (UTC)
From: [identity profile] j4.livejournal.com
I'd just like to point out that I didn't do the LJ valentine thingy at all, so I'm sorry if you nominated me and didn't get a nomination back. (There ought to have been a way of at least checking if the person you've nominated has participated at all...)

*hugs*

Date: 2003-02-14 07:49 am (UTC)
lnr: Halloween 2023 (Default)
From: [personal profile] lnr
Hey, it's OK, since you didn't mention it I assumed you hadn't bothered, but I got such a lovely valentine from you anyway *smooch*

I passed on your comment in brackets to the author BTW, since he's been asking for suggestions, and he says he was a bit worried about the privacy implications of it which is why he left it out. I can see why you might not have time to think something like that through and work out if it's OK or not when you're just coding something up for a bit of a giggle.

Date: 2003-02-16 06:42 am (UTC)
From: [identity profile] dennyd.livejournal.com
A friend of mine was poking around the code looking for security holes and claimed to have found out a way to check if a given lj user had taken part. They correctly named the one who had out of the three in the room at the time, so I'm fairly convinced they were telling the truth. This was an exploit rather than a feature though  :)

Date: 2003-02-17 01:00 pm (UTC)
ext_8103: (Default)
From: [identity profile] ewx.livejournal.com

(Looks) yes, that should be really easy. The URL has a username and an opaque string in it; replace the username with the want you want and the opaque string with any old rubbish. If the user exists, you'll get one message, if they don't you'll get a different one. Voila.

The code to choose the hex string is rather poor too.

I believe that a better approach would be to encrypt the username using a secret key with a symmetric cipher, and quote the result (and not the username) in the URL send back by join.cgi. If the value received by validate.cgi decrypts to a known username, proceed for that user; if not then send back an error.

I notice lots of clone and hack in validate.cgi, where he ought to be using a loop. Yuck!

  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Profile

lnr: Halloween 2023 (Default)
lnr
Where you can find me

January 2026

S M T W T F S
    123
45678910
11121314151617
181920 21222324
25262728293031

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 11th, 2026 05:49 am
Powered by Dreamwidth Studios