Printer Friendly Error

Shemeska · Feb 18, 2008

The Gleemax/DDI coding by the lowest bidder seems to be showing.

Campbell · Feb 18, 2008

Mercule said:
As a developer for the same platform (ASP.NET) WotC is using, that security won't be hard to toggle. Doing it the way they did had to have been a conscious choice.

It actually looks like Wizards' site is still using Classic ASP.

Delta · Feb 18, 2008

withak said:
Expecting or even worrying about this specific problem persisting into the production version of D&DI is, IMHO, just a tad silly.

I do think we're already in "a tad silly" territory when they haven't fixed this in the last 4 months.

Ulorian - Agent of Chaos · Feb 18, 2008

withak said:
Then what is left to discuss? This really is a non-issue.

This security "hole" has existed in D&DI for months now. Presumably, it's been left open to allow content access to those who have had problems logging in, myself included. Once D&DI subscriptions go live, it stands to reason that the powers that be will implement something a bit more robust.

You're missing the point again. Go back and reread all of my posts in this thread. When you first quoted me, you were referencing a reply I made to a blanket comment about authentication/authorisation in web apps, not in specific reference to DDI. Again, my comment to which you've been responding has nothing to do with DDI.

drothgery · Feb 18, 2008

Campbell said:
It actually looks like Wizards' site is still using Classic ASP.

There's a little bit of it around. But maintaining authentication between ASP.NET forms authentication and classic ASP is also a solved problem.

frankthedm · Feb 18, 2008

Hey! Quit talking about this! Last thing we need is for wotc to ruin this!

Scott_Rouse · Feb 19, 2008

So what the deal with this interweb page thingy everyone is talking about?

drothgery · Feb 19, 2008

Scott_Rouse said:
So what the deal with this interweb page thingy everyone is talking about?

You manage RPG designers, and we'll do the web programming talk, okay?

fnwc · Feb 19, 2008

I think everyone is overreacting. I do .NET and ColdFusion programming everyday at my job and my thought is that the current login system is merely a placeholder that doesn't do any actual authentication.

My guess is that it will be fixed by the time it matters.

Dragon Snack · Feb 19, 2008

It does attempt to authenticate. I can't log in with my username and password at WotC anymore, it denies me.

Printer Friendly Error

Shemeska

Adventurer

Campbell

Relaxed Intensity

Delta

First Post

Ulorian - Agent of Chaos

Legend

drothgery

First Post

frankthedm

First Post

Scott_Rouse

Explorer

drothgery

First Post

fnwc

Explorer

Dragon Snack

First Post

Similar Threads