Page 1 of 1
Data leak in 6.50B11
Posted:
Sat Jul 13, 2013 8:25 pmby aglenday
When searching the search request goes out via HTTPS (good), the results come back via HTTPS (still good). If no results are found the 'NO RESULTS SEARCHING ON SUBJECT "Acme Publishing" ' message is sent back via HTTP resulting is data leakage.
Having said that I think it's wonderful software. The biggest problem I find with Usenet is trying to find what I'm after and NewsBin is doing a wonderful job of indexing most groups.
Re: Data leak in 6.50B11
Posted:
Sat Jul 13, 2013 9:42 pmby Quade
I'll mention this to Dex. See if he can make the URLS https.
Re: Data leak in 6.50B11
Posted:
Sat Jul 13, 2013 11:01 pmby dexter
I didn't see any point to having error messages come back as https. It's been like this for years. Your searches and search results are https.
I can look into it if you think it's important for any errors to be sent back as https.
Re: Data leak in 6.50B11
Posted:
Sun Jul 14, 2013 1:32 amby aglenday
I just figured it had been overlooked. If the request and results are sent and received as https for privacy it makes sense for anything that could leak data to be also received as https.
It's only a small thing.
Re: Data leak in 6.50B11
Posted:
Wed Jul 17, 2013 8:05 pmby dexter
Any search errors you receive are being returned over https now.
Re: Data leak in 6.50B11
Posted:
Sat Jul 27, 2013 12:27 amby aglenday
Thank you for doing that Dexter.