PDA

View Full Version : Wow



Jemma&Theo
27-02-2007, 05:40 PM
look what i just got off bunny basics newsletter- this is part of the email

----------------------------------------------------------------------------

By the end of this month we hope to one of the very first companies to stock the Snuggle Safe Bunny Warren Interchange (the square section in the picture below). This priced at £7.99 with the warrens themselves priced at £9.99 each. We are currently taking pre orders for these products.



http://i169.photobucket.com/albums/u206/jemmayale/bwarrenan.jpg


and these

http://i169.photobucket.com/albums/u206/jemmayale/House20and20Run.jpg
http://i169.photobucket.com/albums/u206/jemmayale/cottage.jpg

Flo
27-02-2007, 05:42 PM
I am saving for the bottom hutch! Found it cheaper elsewhere tho :oops:

Jemma&Theo
27-02-2007, 05:44 PM
its amazing, where you seen it?

Jacqui_UK
27-02-2007, 06:20 PM
Awww nice one!

Jemma&Theo
27-02-2007, 06:22 PM
look too

THAT IS BRILLIANT

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html?osCsid=787e60f59d7c67df701c3d04f769ef22

(without my login this time)

rineyroo
27-02-2007, 06:46 PM
Jemma, you had better remove that link, cos I can see all your account details. Quick before someone evils sees it! I don't know why bunnybasics isn't secure like that, you shouldn't be able to do that.

Jemma&Theo
27-02-2007, 07:15 PM
idiots!!! myself included :(

Dasonix
27-02-2007, 08:58 PM
Hi there.

If Jemma had logged out then the Session ID would not be active but if she was logged in at the time and somebody clicks on the link before the 3 minute timeout then the session stays active. If we did not have the session ID you would not be able to have a shopping cart.

how the hyper link works:

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html?osCsid=787e60f59d7c67df701c3d04f769ef22

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html = the actual product hyperlink

?osCsid=787e60f59d7c67df701c3d04f769ef22 = your session ID = Do not paste this part.

The links from our site always end in the .HTML anything after that is the session ID (SID)

Our server is secure but if a user gives you there login details (SID) in a link what can we do?

Just so you all know NO CC details are held on our server, RBS holds all that info on there servers.

I can name about 60k+ websites that will do the same inc SPH and THE

So lessons to learn from this

Always logout of a site if you have an account on there.
Hyper links will always end in .PHP, .HTML etc.

Who is the idiot???????

honeybunny
27-02-2007, 09:02 PM
the hutch and large run looks great but would need to make the ramp a lot less steep to be safe for bunnies ..especially older ones

Jemma&Theo
27-02-2007, 09:07 PM
Hi there.

If Jemma had logged out then the Session ID would not be active but if she was logged in at the time and somebody clicks on the link before the 3 minute timeout then the session stays active. If we did not have the session ID you would not be able to have a shopping cart.

how the hyper link works:

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html?osCsid=787e60f59d7c67df701c3d04f769ef22

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html = the actual product hyperlink

?osCsid=787e60f59d7c67df701c3d04f769ef22 = your session ID = Do not paste this part.

The links from our site always end in the .HTML anything after that is the session ID (SID)

Our server is secure but if a user gives you there login details (SID) in a link what can we do?

Just so you all know NO CC details are held on our server, RBS holds all that info on there servers.

I can name about 60k+ websites that will do the same inc SPH and THE

So lessons to learn from this

Always logout of a site if you have an account on there.
Hyper links will always end in .PHP, .HTML etc.

Who is the idiot???????

no need to be so darn harsh

Jemma&Theo
27-02-2007, 09:09 PM
i think they look brilliant

Dasonix
27-02-2007, 09:50 PM
no need to be so darn harsh

I think we might both have got the wrong end of the stick

I truly did not know who was being called an idiot hence the ??? at the end of my post.

Sometimes the facts have to be said so that people understand how websites work. Not everybody with a computer understands how to protect themselves fully on the internet. My mother hasnt got a clue of example (thats why i spend most of my time visiting her cleaning all the virii and junk off her PC)

As I was trying to get across all the really important info AKA CC numbers etc are only accessable to RBS (they own worldpay) we dont even have access to that info. so the only info ppl can get from a active session is your name, address and contact number. e.g. the same as if somebody left there phone bill on a table in mcdonalds.

Security on our server can only go so far. We use dedicated servers to ensure that nobody other than us has access to the server. (only 2 IP addresses can access the master account on bunnybasics, anybody else tries it and they get banned after the first attempt) Our server is protected by 2 firewalls, 1 hardware and 1 software. There are lots of other tricks on there too but that is classified

There has to be a 3 min session timeout as that is how long it takes the average person to go through either the worldpay or Paypal checkout process.

Even though we have all this as the above post goes to show anybody can make a mistake but if they do they only have themselves to blame. logging out the SID is always cancelled hence no personal data is exposed.

As I said this is by no means just a bunnybasics thing, SPH, THE, and any other OSC based shopping cart will have the same problem. So take care where ever you shop in what hyperlinks you share.

And to people that find a hyperlink that leads to a persons account details from any site PLEASE Log them out they will thank you for it.