Quote:
Originally Posted by Shoe Lace
Most popular web servers have some form of basic authentication support. You don't even have to touch your application code to put it behind authentication. There's no excuse not to protect sensitive stuff with a login/password.
How many hands did it take for Stars to point you to a web address instead of just e-mailing you the hands? I sort of remember them sending e-mails for hands back in 2003ish but I never asked them to send a lot of hands at once. At most it was a few thousand (before I learned about saving them locally and PT).
I would guess that they'd do it whenever the amount of data exceeds e-mail attachment limits. So the limit likely would've been on the order of 10k-100k hands depending on how they packaged the data and whatever attachment limits they had.
Quote:
Originally Posted by Gullanian
Are the Stars hash URLs temporary or permanent?
Dunno. This was a long time ago too. It might not be their current strategy.
I e-mailed Stars security about it forever ago. I identified the wrong vulnerability, though; I talked about a program that would try all possible URLs, which obviously isn't a legitimate threat, instead of one of the many other ways that someone might get one of the URLs, which obviously is. Josem correctly pointed out that that was not a legitimate risk.