MyMP3BoardDotCom The Original
Joined: 27 Jul 2002 Posts: 282
|
Posted: Wed Oct 23, 2002 10:38 am Post subject: Important changes of EZ-Board (use of HTML) *READ*! |
|
|
Quote: Detail of Security Changes
The following changes are being made in order to tighten the security across the ezboard network. Over the years we have identified who and what kind of attacks are done. The changes below will remove the tools that are used in attacks. Thank you for your cooperation and understanding.
Changes for FREE/Trial Communities
Advanced Customization (renamed Custom HTML for 7.0)
NO JavaScript or Metarefresh (URL redirection) coding allowed
Posting
NO HTML allowed - only ezcodes
Changes for FREE User Accounts
Public Profile
NO JavaScript, NO CSS, NO Metarefresh (URL redirection) allowed -- only simple HTML, image URLs and text
Custom Signature
HTML is not allowed; only ezcodes
This change affects Free Users on all communities
Changes for ezSupporter Accounts
Public Profile
NEW FEATURE: Profile Skinning
ezSupporters will now have more customization ability with fully-supported CSS and pre-defined skins. Check out the Profile Skin Trading forum for details on this feature.
Changes for Gold Communities
NO changes
Security Changes FAQ
Why are GOLD communities and ezSupporters able to have potentially dangerous features?
In our experience, over 99% of attacks come from FREE communities and users, not subscribing communities and members. We believe the biggest reason is that a person who pays for their service does not want to risk losing their service by causing trouble for others. However, If any Gold Community or ezSupporter is found exploiting these features by adding malicious code, their community and/or account will be locked down immediately and no refund will be given. There are no exceptions. Please see our Terms Of Use for details
What about people/communities who use JavaScript to have things like clocks or counters?
Since it is impossible to distinguish safe JavaScript code from unsafe JavaScript code, we must disable all JavaScript. However, we are evaluating ways to provide these types of services through ezboard (i.e., we provide the code from our servers for use).
I'm an ezSupporter and have taken advantage of the CSS "hack" to customize the look and feel of my profile. What will happen to my current CSS customization when the changes take place?
With the 7.0 release CSS profile customization will become a fully supported ezboard feature. Unfortunately, this means that all previous"hacks" will not work with the new system. While we regret this inconvenience to our paying customers, our new Profile Skinning feature will allow for almost unlimited customization of your profile that was not available with the "hack". More information can be found at the Profile Skin Trading forum.
Why are you only allowing ezcodes in Custom Signatures for Free Users?
To many simple HTML coding may seem benign, however in the wrong hands it can and has posed serious security risks for ezboard communities. We have removed HTML capability from Free Users because that's where the problem arises. However, any ezSupporter found abusing their HTML signature priviliges will be immediately banned - no refund will be given.
How will this move from HTML to ezcodes affect my current HTML signature?
For the vast majority of our users, all signature coding that was in HTML can now be done with ezcodes. All you will need to do is simply recode it with ezcodes instead of HTML.
Best regards,
Vanchau Nguyen
Founder & CEO EZboard.com
|
|