Posts: 9
Threads: 1
Joined: Oct 2009
Reputation:
0
(2015-05-29, 09:04 PM)martec Wrote: (2015-05-29, 02:32 PM)Skylord123 Wrote: As I have stated before, the performance will barely be affected if at all. Since users are already authenticated via php on mybb you may as well use that. Otherwise you will be encountering several issues such as when the user logs out they can potentially still be logged into the shoutbox, etc.
why not will affect?
all time that will push message will need use ajax... and not will affect?
And php server will need contact all time node server. So when someone will shout something, will need wait php open again new connection with node etc... This will made message deliver slowly in node server, this is lag that for me it is not acceptable. Ajax is very slow compared to websocket.
if will made something, for me better create new exclusive authentication for the shoutbox, and shoutbox will work as totally external chat.
I have used AJAX to send messages in a chat program I created. There was basically no added time in latency. Think about it: When you are loading a web page there are MySQL queries happening, and guess what, those are on an external process that PHP has to connect to. Does that take a lot of time? No. Especially if the MySQL server is on localhost or the same datacenter as the web server.
The best way for security is to have MyBB handle the authentication and sending, modifying, and any other actions that only users can do. I don't see how you can justify not having security. Security should always be the first thing you plan out when making anything.
Just for the sake to prove you wrong I am going to modify your code over the next week and get it so it uses the method I have been explaining to you. I will then set it up on my own website and show you how fast it is.
Posts: 2,530
Threads: 124
Joined: Jul 2011
Reputation:
293
2015-06-01, 04:02 PM
(This post was last modified: 2015-06-01, 04:04 PM by martec.)
(2015-06-01, 03:13 PM)Skylord123 Wrote: (2015-05-29, 09:04 PM)martec Wrote: (2015-05-29, 02:32 PM)Skylord123 Wrote: As I have stated before, the performance will barely be affected if at all. Since users are already authenticated via php on mybb you may as well use that. Otherwise you will be encountering several issues such as when the user logs out they can potentially still be logged into the shoutbox, etc.
why not will affect?
all time that will push message will need use ajax... and not will affect?
And php server will need contact all time node server. So when someone will shout something, will need wait php open again new connection with node etc... This will made message deliver slowly in node server, this is lag that for me it is not acceptable. Ajax is very slow compared to websocket.
if will made something, for me better create new exclusive authentication for the shoutbox, and shoutbox will work as totally external chat.
I have used AJAX to send messages in a chat program I created. There was basically no added time in latency. Think about it: When you are loading a web page there are MySQL queries happening, and guess what, those are on an external process that PHP has to connect to. Does that take a lot of time? No. Especially if the MySQL server is on localhost or the same datacenter as the web server.
The best way for security is to have MyBB handle the authentication and sending, modifying, and any other actions that only users can do. I don't see how you can justify not having security. Security should always be the first thing you plan out when making anything.
Just for the sake to prove you wrong I am going to modify your code over the next week and get it so it uses the method I have been explaining to you. I will then set it up on my own website and show you how fast it is.
you not read this?
http://community.mybb.com/thread-166773-...pid1160447
i will not use ajax. Only in registration.
Posts: 9
Threads: 1
Joined: Oct 2009
Reputation:
0
(2015-06-01, 04:02 PM)martec Wrote: you not read this?
http://community.mybb.com/thread-166773-...pid1160447
i will not use ajax. Only in registration.
You need to put a notice in your original post telling people of the security issue until you fix it. People need to know the security issues.
Posts: 2,530
Threads: 124
Joined: Jul 2011
Reputation:
293
(2015-06-01, 05:40 PM)Skylord123 Wrote: (2015-06-01, 04:02 PM)martec Wrote: you not read this?
http://community.mybb.com/thread-166773-...pid1160447
i will not use ajax. Only in registration.
You need to put a notice in your original post telling people of the security issue until you fix it. People need to know the security issues.
you are very boring.
anything affect the forum.
affect only shoutbox. i don't know why all this panic. This plugin communicate with openshift and not with your forum. This will not make your forum less secure.
Posts: 9
Threads: 1
Joined: Oct 2009
Reputation:
0
(2015-06-01, 05:45 PM)martec Wrote: (2015-06-01, 05:40 PM)Skylord123 Wrote: (2015-06-01, 04:02 PM)martec Wrote: you not read this?
http://community.mybb.com/thread-166773-...pid1160447
i will not use ajax. Only in registration.
You need to put a notice in your original post telling people of the security issue until you fix it. People need to know the security issues.
you are very boring.
anything affect the forum.
affect only shoutbox. i don't know why all this panic. This plugin communicate with openshift and not with your forum. This will not make your forum less secure.
You are advertising this as a shoutbox to put on people's forum. Therefore it does affect the forum. The security issue being that because you are displaying it on a forum there needs to be security. I am sure people here don't want their shoutbox getting hacked because of a lack of security.
If I wanted to I could have a web page that just constantly loops modifying every shout in the system. That way no one will ever be able to use the shoutbox. I could make it look like the admin of the forum is cursing at everyone else. There are numerous things that can be done to hurt a forum's credibility using this plugin.
You are being ignorant by just ignoring my warnings. I'm not here to fight with you. I am here to tell you the issues in your code and why it can affect people. The average person isn't going to understand what I am talking about until there is an actual issue with it in the future. Because this is your plugin you need to warn people of the security hole in the plugin.
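An added example, not code from the plugin or from anyone in this thread, of the design argued for in the post above: the forum authenticates the user, and the shoutbox server authorizes every edit against a short-lived token the forum signed. The token format, function names and shared secret are assumptions made for illustration.

```javascript
// Added example: token format, names and secret are assumptions, not the plugin's code.
const nodeCrypto = require('node:crypto');

// Shared only between the forum backend and the shoutbox server (constructed value).
const SHARED_SECRET = 'constructed-demo-secret-change-me';

function sign(payload) {
  return nodeCrypto.createHmac('sha256', SHARED_SECRET).update(payload).digest('hex');
}

// Forum side: called only after the forum has authenticated the session.
// A short lifetime limits how long a logged-out user can keep shouting.
function issueToken(uid, isMod, nowSec, ttlSec = 300) {
  const payload = `${uid}.${isMod ? 1 : 0}.${nowSec + ttlSec}`;
  return `${payload}.${sign(payload)}`;
}

// Shoutbox side: returns {uid, isMod} or null. Identity comes from the
// signed token only, never from a uid or username the client sends.
function verifyToken(token, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 4) return null;
  const [uid, mod, exp, mac] = parts;
  const expected = Buffer.from(sign(`${uid}.${mod}.${exp}`), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(exp) || Number(exp) <= nowSec) return null;
  return { uid: Number(uid), isMod: mod === '1' };
}

// Shoutbox side: only the shout's author or a moderator may modify it.
function editShout(shouts, token, shoutId, newText, nowSec) {
  const user = verifyToken(token, nowSec);
  if (!user) return 'unauthenticated';
  const shout = shouts.get(shoutId);
  if (!shout) return 'not-found';
  if (shout.uid !== user.uid && !user.isMod) return 'forbidden';
  shout.text = newText;
  return 'ok';
}
```
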
Posts: 3,791
Threads: 80
Joined: May 2011
Reputation:
94
2015-06-01, 10:27 PM
(This post was last modified: 2015-06-01, 10:29 PM by Josh H..)
Hello,
The team is investigating this report. Please realize that there is therefore no reason to continue trying to win this debate on the issue reported. If anybody has an issue related to this or has any questions, they may feel free to PM me or any other team member on the matter.
Thank you,
The MyBB Team
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
Posts: 2,530
Threads: 124
Joined: Jul 2011
Reputation:
293
2015-06-02, 12:08 PM
(This post was last modified: 2015-06-02, 04:00 PM by martec.)
(2015-06-01, 10:27 PM)Josh H. Wrote: Hello,
The team is investigating this report. Please realize that there is therefore no reason to continue trying to win this debate on the issue reported. If anybody has an issue related to this or has any questions, they may feel free to PM me or any other team member on the matter.
Thank you,
The MyBB Team
i'm know about issue...
and 3.0 in development https://martec.ml/test/index.php reported issue already solved.
Posts: 367
Threads: 39
Joined: Feb 2013
Reputation:
29
@martec when it'll be released any estimate ?
we miss this great plugin . in 1.8.5
Posts: 2,530
Threads: 124
Joined: Jul 2011
Reputation:
293
(2015-06-02, 04:07 PM)mujeebdgk Wrote: @martec when it'll be released any estimate ?
we miss this great plugin . in 1.8.5
planned in within a week.
i need rush because of 1.8.5 and security question.
Posts: 89
Threads: 6
Joined: May 2015
Reputation:
2
waiting for update.. ty