Topic: Chatroom Impersonations (Read 1707 times) |
|
Sconibulus
Forum Guru
Arimaa player #4633
Posts: 116
|
|
Chatroom Impersonations
« on: Aug 19th, 2011, 4:56pm » |
It seems that, with what's probably javascript injection, it's pretty easy to alter the name that displays in the chat. Given that this is sometimes used as validation for other services, such as teamspeak during event games, this could be a little bit of an issue.
|
|
|
rabbits
Forum Guru
Arimaa player #1337
Posts: 108
|
|
Re: Chatroom Impersonations
« Reply #1 on: Aug 19th, 2011, 6:45pm » |
It's true. Someone is able to change names in the chatroom, and the imposter claims to be ME!
|
|
|
leo
Forum Guru
Posts: 278
|
|
Re: Chatroom Impersonations
« Reply #2 on: Aug 22nd, 2011, 4:51am » |
Hi guys ^_^

A patch was applied yesterday to fix the problem. If the chat window looks blank, please hit refresh to bypass your cache.

The thing was actually not a bug or exploit, but a case of work-not-finished which I'm pretty ashamed of. Initially, years ago, user identity was intentionally kept unchecked during the testing phase because I was planning to somehow link the chatroom to the gameroom, but we ran into more urgent problems such as making the chat work for every browser. Remember, we merrily trusted each other back then.

Anyway, thank you Migi for finding the thing. You're more than welcome to do more fiddling with firebug so as to make sure everything's secure.

About the ugly color palette: Initially I was hoping we'd develop a nice handy color picker but the stamina went low. But I could add a little edit box to enter color hex codes; would it be useful?

Ha, and while I was at it, I fixed the auto-logout bug, which wasn't visible before because most browsers didn't call the window.onunload event.

If you have any suggestions for future versions of the chatroom, please use that (slightly old) thread: http://arimaa.com/arimaa/forum/cgi/YaBB.cgi?board=siteIssues;action=display;num=1277584475

Thanks!
|
|
|
Fritzlein
Forum Guru
Arimaa player #706
Posts: 5928
|
|
Re: Chatroom Impersonations
« Reply #3 on: Aug 22nd, 2011, 7:21am » |
Leo, thanks for coming up with a patch so quickly. Don't apologize! Your chat client is a wonderful addition to the Arimaa community; it has helped make our friendly fellowship even friendlier. Thank you!
|
|
|
Migi
Forum Senior Member
Arimaa player #4643
Posts: 26
|
|
Re: Chatroom Impersonations
« Reply #4 on: Aug 22nd, 2011, 11:19am » |
on Aug 22nd, 2011, 4:51am, leo wrote:
Anyway, thank you Migi for finding the thing. You're more than welcome to do more fiddling with firebug so as to make sure everything's secure

Actually it wasn't me who found it out. I was just trying to find a way to pick my own color, told people about it and then they started messing with it too. I think it was rabbits who first started changing his name (to Rabbits). But I'm really glad it's fixed now. It was fun for like 5 minutes, and then it became annoying.

on Aug 22nd, 2011, 4:51am, leo wrote:
About the ugly color palette: Initially I was hoping we'd develop a nice handy color picker but the stamina went low. But I could add a little edit box to enter color hex codes; would it be useful?

The color palette isn't all that ugly (though there are 2 identical greens). It's just that it's a fairly limited choice, so a color picker would be nice. But you don't have to develop all your javascript tools from scratch, you know. Developing datepickers and colorpickers from scratch takes far too much time. Definitely if you want to make them cross-browser compatible. There are tons of existing, plug-and-play color pickers available, like this, this and this.
|
|
|
Hippo
Forum Guru
Arimaa player #4450
Posts: 883
|
|
Re: Chatroom Impersonations
« Reply #5 on: Aug 22nd, 2011, 11:32am » |
Great, leo, let me join Fritzlein to thank you.
|
|
|
leo
Forum Guru
Posts: 278
|
|
Re: Chatroom Impersonations
« Reply #6 on: Aug 23rd, 2011, 12:27am » |
@ Fritz & Hippo - I'm glad there was a quick fix available: Actually Omar had already added the authentication system at the opening of the chatroom window. I simply extended it to the chat manager.

@ Migi - So, congrats to Rabbits too. But your changing the palette colors was the smart breakthrough. The color picker components all work within the JQuery framework, but the chatroom was developed in "plain javascript" which means we can't use them. But there has been some discussion last year to rewrite the whole chatroom using one of those frameworks. Anybody up to start again in September?

Meanwhile, I've found a way for board piece impersonation, and I win every time by elimination:
|
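Added example (not part of the thread, and not the Arimaa chatroom's code): a minimal chat manager showing the gap leo describes in Reply #2, where the display name was taken from the client unchecked, beside the kind of fix described in Reply #6, where the name is bound to a session created at login. All names here (openChatSession, postMessageUnchecked, postMessageChecked, the token field, the users alice and bob) are hypothetical.

```javascript
// Hypothetical chat manager for illustration only.
const { randomBytes } = require('node:crypto');

const sessions = new Map(); // token -> username, filled when the chat window opens

// Assumed to run only after the gameroom login has verified the player.
function openChatSession(username) {
  const token = randomBytes(16).toString('hex');
  sessions.set(token, username);
  return token;
}

// Before: the name shown in the chat is whatever the browser sends.
function postMessageUnchecked(req, log) {
  log.push({ from: req.name, text: String(req.text) });
  return { ok: true };
}

// After: the name comes from the server-side session; req.name is ignored,
// and requests without a valid token (e.g. from a cached old client) are rejected.
function postMessageChecked(req, log) {
  const username = typeof req.token === 'string' ? sessions.get(req.token) : undefined;
  if (!username) return { ok: false, error: 'not authenticated' };
  log.push({ from: username, text: String(req.text) });
  return { ok: true };
}

// Constructed requests: alice is logged in but edits the name field to "bob".
function demo() {
  const token = openChatSession('alice');
  const edited = { token, name: 'bob', text: 'hello' };
  const oldLog = [];
  const newLog = [];
  postMessageUnchecked(edited, oldLog);
  postMessageChecked(edited, newLog);
  const oldStyle = postMessageChecked({ name: 'bob', text: 'hi' }, newLog);
  return {
    oldFrom: oldLog[0].from, // name as the unchecked handler recorded it
    newFrom: newLog[0].from, // name as the checked handler recorded it
    oldStyle,                // result for a request carrying no token
    newCount: newLog.length,
  };
}
```

Because the checked handler never reads the client's name field, anything that relies on the chat name for validation (such as the teamspeak check mentioned in the first post) sees the identity the server authenticated.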
|
|
Migi
Forum Senior Member
Arimaa player #4643
Posts: 26
|
|
Re: Chatroom Impersonations
« Reply #7 on: Aug 24th, 2011, 4:47pm » |
on Aug 23rd, 2011, 12:27am, leo wrote:
The color picker components all work within the JQuery framework, but the chatroom was developed in "plain javascript" which means we can't use them. But there has been some discussion last year to rewrite the whole chatroom using one of those frameworks.

Actually, jquery is not so much a framework, more a library with a set of tools. Sure, there's a "jquery way" of doing things and a "plain javascript way", but you can mix the two perfectly fine. So there's no need to rewrite anything. I'm not trying to push you towards using jquery or anything, it's just the only javascript library I have experience with, and it's been generally quite a pleasant experience so far.

on Aug 23rd, 2011, 12:27am, leo wrote:
Meanwhile, I've found a way for board piece impersonation, and I win everytime by elimination

Haha, that's pretty funny.
|
|
|
Swynndla
Forum Guru
Arimaa player #1821
Posts: 235
|
|
Re: Chatroom Impersonations
« Reply #8 on: Aug 30th, 2011, 6:17am » |
When I try and connect to the chat using google-chrome on linux, it says: Checks: 1 Checks: 2 Checks: 3 ... and so on, but I'm not able to see anyone (even though there are many people in the chat room) and I'm not able to chat. When I use firefox (also on linux) it works with no problems. Hmmm - I wonder if this is a problem with the chat or if it is something I've done at my end.
|
|
|
leo
Forum Guru
Posts: 278
|
|
Re: Chatroom Impersonations
« Reply #10 on: Aug 30th, 2011, 12:22pm » |
@Swynndla - Most probably your Chrome is using the cached version of the chatroom prior to the patch, which means the old-way requests are rejected. Try hitting refresh to bypass the cache.

@Migi - Thanks, I'll have a look at how to mix both. Next version of the chatroom will be much better if everybody works on it.
|
|
|
Migi
Forum Senior Member
Arimaa player #4643
Posts: 26
|
|
Re: Chatroom Impersonations
« Reply #11 on: Aug 30th, 2011, 3:16pm » |
on Aug 30th, 2011, 12:22pm, leo wrote:
Next version of the chatroom will be much better if everybody works on it

If you want my help on something, just PM or email me and I'll gladly help out a bit.

On a side note, it would be great if we could use JSON for all the server-to-client messages. For the gameroom and the game itself this seems to be the case already, but for the chatroom it looks like we use a sort of ad-hoc format right now. The reason I say this is that apparently other people are making Arimaa clients too (like this one) and they basically make a separate gameroom, which splits the community. JSON is easy to parse, and there are libraries for every language, so when people want to make a new Arimaa interface they could easily use the same server data so the community wouldn't be divided between the different interfaces.
|
|
|
leo
Forum Guru
Posts: 278
|
|
Re: Chatroom Impersonations
« Reply #12 on: Dec 12th, 2011, 2:55pm » |
4 months later...

Oops, I somehow managed to totally not see your post, Migi. Sorry about that. I'm going to start a little thread about minor changes to the chatroom for options that have been discussed on the chatroom itself, mainly a command for kicking players who forget to log out before playing an official game. We can discuss the question of data encoding on that same thread. See you there.
|
« Last Edit: Dec 12th, 2011, 2:57pm by leo » |
|
|
|
|