
Wow

Jemma&Theo

Mama Doe
look what I just got off bunny basics newsletter - this is part of the email

----------------------------------------------------------------------------

By the end of this month we hope to be one of the very first companies to stock the Snuggle Safe Bunny Warren Interchange (the square section in the picture below). This is priced at £7.99 with the warrens themselves priced at £9.99 each. We are currently taking pre orders for these products.



bwarrenan.jpg



and these

House20and20Run.jpg

cottage.jpg
 
Jemma, you had better remove that link, cos I can see all your account details. Quick before someone evil sees it! I don't know why bunnybasics isn't secure like that, you shouldn't be able to do that.
 
Hi there.

If Jemma had logged out then the Session ID would not be active but if she was logged in at the time and somebody clicks on the link before the 3 minute timeout then the session stays active. If we did not have the session ID you would not be able to have a shopping cart.

How the hyperlink works:

http://www.bunnybasics.net/ferplast....html?osCsid=787e60f59d7c67df701c3d04f769ef22

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html = the actual product hyperlink

?osCsid=787e60f59d7c67df701c3d04f769ef22 = your session ID = Do not paste this part.

The links from our site always end in .HTML; anything after that is the session ID (SID).

Our server is secure but if a user gives you their login details (SID) in a link what can we do?

Just so you all know NO CC details are held on our server, RBS holds all that info on their servers.

I can name about 60k+ websites that will do the same inc SPH and THE

So lessons to learn from this

Always log out of a site if you have an account on there.
Hyperlinks will always end in .PHP, .HTML etc.


Who is the idiot???????
 
the hutch and large run looks great but would need to make the ramp a lot less steep to be safe for bunnies ..especially older ones
 
Bunnybasics said:
Hi there.

If Jemma had logged out then the Session ID would not be active but if she was logged in at the time and somebody clicks on the link before the 3 minute timeout then the session stays active. If we did not have the session ID you would not be able to have a shopping cart.

How the hyperlink works:

http://www.bunnybasics.net/ferplast....html?osCsid=787e60f59d7c67df701c3d04f769ef22

http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html = the actual product hyperlink

?osCsid=787e60f59d7c67df701c3d04f769ef22 = your session ID = Do not paste this part.

The links from our site always end in .HTML; anything after that is the session ID (SID).

Our server is secure but if a user gives you their login details (SID) in a link what can we do?

Just so you all know NO CC details are held on our server, RBS holds all that info on their servers.

I can name about 60k+ websites that will do the same inc SPH and THE

So lessons to learn from this

Always log out of a site if you have an account on there.
Hyperlinks will always end in .PHP, .HTML etc.


Who is the idiot???????

no need to be so darn harsh
 
no need to be so darn harsh

I think we might both have got the wrong end of the stick

I truly did not know who was being called an idiot hence the ??? at the end of my post.

Sometimes the facts have to be said so that people understand how websites work. Not everybody with a computer understands how to protect themselves fully on the internet. My mother hasn't got a clue for example (that's why I spend most of my time visiting her cleaning all the viruses and junk off her PC).

As I was trying to get across, all the really important info AKA CC numbers etc are only accessible to RBS (they own worldpay); we don't even have access to that info. So the only info ppl can get from an active session is your name, address and contact number, e.g. the same as if somebody left their phone bill on a table in McDonald's.

Security on our server can only go so far. We use dedicated servers to ensure that nobody other than us has access to the server. (Only 2 IP addresses can access the master account on bunnybasics, anybody else tries it and they get banned after the first attempt.) Our server is protected by 2 firewalls, 1 hardware and 1 software. There are lots of other tricks on there too but that is classified.

There has to be a 3 min session timeout as that is how long it takes the average person to go through either the worldpay or Paypal checkout process.

Even though we have all this, as the above post goes to show, anybody can make a mistake, but if they do they only have themselves to blame. Logging out, the SID is always cancelled, hence no personal data is exposed.

As I said this is by no means just a bunnybasics thing, SPH, THE, and any other OSC based shopping cart will have the same problem. So take care wherever you shop in what hyperlinks you share.

And to people that find a hyperlink that leads to a person's account details from any site: PLEASE log them out, they will thank you for it.
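
The link breakdown in the Bunnybasics posts above (product link ending in .html, then `?osCsid=...` as the session ID) can be applied automatically before a link is shared or a post is saved. This is an added example, not code from the thread, the shop or osCommerce: it removes session-ID query parameters from every URL in a block of text. The SID value is constructed, and the parameter names other than `osCsid` are assumptions added for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# "osCsid" is the parameter shown in this thread. The other two names are
# assumptions added here (common session parameter names on other platforms).
SESSION_PARAMS = {"oscsid", "phpsessid", "jsessionid"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TRAILING = ".,;:!?)"  # sentence punctuation that often clings to a pasted link


def strip_session_id(url):
    """Return (clean_url, removed_names) with session parameters dropped."""
    parts = urlsplit(url)
    kept, removed = [], []
    for pair in parts.query.split("&"):
        name = pair.split("=", 1)[0]
        if name.lower() in SESSION_PARAMS:
            removed.append(name)
        elif pair:
            kept.append(pair)  # keep other parameters byte-for-byte
    clean = urlunsplit(
        (parts.scheme, parts.netloc, parts.path, "&".join(kept), parts.fragment)
    )
    return clean, removed


def scrub_text(text):
    """Rewrite every URL in a post; report which parameters were removed."""
    removed_all = []

    def fix(match):
        raw = match.group(0)
        url = raw.rstrip(TRAILING)
        clean, removed = strip_session_id(url)
        removed_all.extend(removed)
        return clean + raw[len(url):]  # put the trailing punctuation back

    return URL_RE.sub(fix, text), removed_all


# Constructed sample post: product URL from the thread, made-up SID value.
SAMPLE_POST = (
    "look what I found "
    "http://www.bunnybasics.net/ferplast-rodent-flipper-p-928.html"
    "?osCsid=0123456789abcdef0123456789abcdef."
)

if __name__ == "__main__":
    cleaned, removed = scrub_text(SAMPLE_POST)
    print(cleaned)
    print("removed:", removed)
```

Scrubbing only stops new links from carrying the session ID; as the post above says, logging out is what cancels an SID that has already been shared.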
 