News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Flash

Started by TheEnforcer, May 22, 2005, 01:38:13 PM

Previous topic - Next topic

TheEnforcer

Why is enabling flash a security risk?

[Unknown]

Because people can steal cookies, etc.

-[Unknown]

TheEnforcer

I dont understand how can theyu steal cookies if cookies are nto enabled?

[Unknown]

The point is, if you were to allow anyone to post flash, they would be able to (theoretically) log in as you.

-[Unknown]

TheEnforcer

IS there away you can Log who log in and whwere and from what IP?

[Unknown]

That would be your Apache access log.  Contact your host.

-[Unknown]

Escobar

#6
Hello, I want to ressurect this thread.

I didn't see a reason to disable "embed flash".... until now.

At another forum, a person was giving advice on how to screw someone.

It was an ImageShack swf link...but when you clicked it, it made your browser multiply infinitely.

If this was embedded, it would execute every time someone loaded the page.

So if you were like me, and didn't have a visual example of why allowing flash is dangerous...there you go.

I won't post the ImageShack link here...but it's so simple, it's scary.

I have a question...
I want to post my flash sigs at  my forum...
But I limit who can post flash.

Can I limit posting flash to admins and mods?
I chose SMF because you get your questions answered.

Oldiesmann

Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

1.1:

Find
if (empty($modSettings['enableEmbeddedFlash']))
$disabled['flash'] = true;


Replace
if (empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod']))
$disabled['flash'] = true;


The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.
Michael Eshom
Christian Metal Fans

J. Williams

I hate flash,still isn't fully stable.Crashes much more,java is more co-operative
Joshua Jon Williams
Back in Action.

Redsmurf

How can we enable the "embed Flash" feature?   My forum is small so its not a securtiy risk.  Thanks.

JayBachatero

For 1.0.x
Admin > Edit features and options > Embed flash into posts

For 1.1
Admin > posts and topics > Embed flash into posts
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Redsmurf

My mistake - is there any way to use HTML in a thread so you can display flash that way?
That might fix the issue outlined in this thread:
http://www.simplemachines.org/community/index.php?topic=49987.0

GTec

Quote from: Oldiesmann on October 14, 2005, 03:44:24 PM
Yes.

Sources/Subs.php

1.0.5:

Find
if (empty($modSettings['enableEmbeddedFlash']) || isset($disabled['flash']))

Replace
if ((empty($modSettings['enableEmbeddedFlash']) && !(allowedTo('admin_forum') || in_array('2', $user_info['groups']) || $user_info['is_mod'])) || isset($disabled['flash']))

The in_array('2', $user_info['groups']) part checks to see if they're a Global Mod.

thats great thx ...  and what if i want to allow it to Hero's too ?  (Admin's, Mod's and Hero's)
thanks for the great help here!

Escobar

Wow! Thanks for the reply oldiesman.
Your answers have helped me out many times.

I would like to second Gtec's question.

There may come a time when I want certain user-groups to have the ability to post flash.

Is it also possible to assign Flash permission's based on group?
(Maybe by editing your code changes?)
I chose SMF because you get your questions answered.

Faustus

VERY nice info. How would this be done to enable html also?

I have a guess but don't want to crash anything.

Faustus

not possible then?

JayBachatero

In 1.1 Admins have the ability to have html in their posts.
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Faustus

Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*

JayBachatero

Quote from: Faustus on October 27, 2005, 06:30:03 PM
Quote from: JayBachatero on October 27, 2005, 04:13:32 PM
In 1.1 Admins have the ability to have html in their posts.

Odd. Is it an option somewhere?

*goes off to look again*

Admin > Posts and Topics > Bulletin Board Code > Enable basic HTML in posts (?):
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert

Faustus

Ah but I ONLY want to do it for Admins and Mods. Not everyone else.

Advertisement: