hello....
please anyone, pay attention to this "Ray IM url is dangerous", someone can stole member password if the member open his / her ray IM url on public computer ( for example : internet cafe )
here is the explanation.
- assume that this logged member access your community from public computer
- the logged member view his/her friend on your community,
- if his/her friend is online, of course he/she will see a link "chat now" ( this link is RAY IM )
- when the logged member click this link, it will open ray im page, and the url of this page is
http://yourcommunity.com/ray/index.php?module=im&app=user&sndId=22&password=e10adc3949ba59abbe56e057f20f883e&rspId=116
- by default the location bar of the window is hided, but anyone can see this url by viewing "HISTORY bar" on browser.
//// NEXT, assume that now another person is accessing lass logged member
- he see there are LOGGED member's ID and encripted password,
- get logged member's nickname is really easy
- get logged member's password --> open www.md5crack.com -> copypaste encripted password
(e10adc3949ba59abbe56e057f20f883e)
-> then he get your member password ( 123456)
.
.
for solution:
you can ensure you member to make a compleks password to make their password safer.
