‌‌

How is this possible??? This is @SWAG. I was testing this to see if it worked and it did, so how is it possible.

  • one year ago

  • This Question is Closed
  1. joannaxox3
    Medals 0

    If what worked?

    • one year ago
  2. ‌‌
    Medals 1

    I have no name

    • one year ago
  3. joannaxox3
    Medals 0

    I noticed... that's odd... check all the other ambassadors.

    • one year ago
  4. ‌‌
    Medals 1

    No no, I made this account with no name. My SWAG account is fine.

    • one year ago
  5. joannaxox3
    Medals 0

    Oh OK then... got it lol... well, I can't see my smart score and I can't see my messages unless I go to my profile, idk why though.

    • one year ago
  6. Compassionate
    Medals 1

    Did you type in a normal name to register with or use special characters?

    • one year ago
  7. ‌‌
    Medals 1

    I don't know, I just looked something up and pasted this

    • one year ago
  8. ‌‌
    Medals 1

    ‌‌

    • one year ago
  9. ‌‌
    Medals 1

    ^

    • one year ago
  10. joannaxox3
    Medals 0

    There's nothing? You posted nothing?

    • one year ago
  11. ‌‌
    Medals 1

    @joannaxox3 Exactly & No one can see their stuff at the moment

    • one year ago
  12. joannaxox3
    Medals 0

    @.. well, I can't put your name cuz you got none... yes, I can't see my stuff, well, my messages

    • one year ago
  13. poopsiedoodle
    Medals 2

     alt + 255 

    • one year ago
  14. Compassionate
    Medals 1

    gooby pls

    • one year ago
  15. joannaxox3
    Medals 0

    what does alt+255 do?

    • one year ago
  16. SWAG
    Medals 2

    Just to verify this was me

    • one year ago
  17. joannaxox3
    Medals 0

    Oh well, my computer does this ringing sound when I push that.

    • one year ago
  18. shadowfiend
    Medals 5

    You're using a Unicode character that essentially indicates, “INVISIBLE SEPARATOR”: http://www.fileformat.info/info/unicode/char/2063/index.htm . Because it isn't typically considered whitespace, stripping a given string doesn't necessarily remove it.

    • one year ago
  19. shadowfiend
    Medals 5

    We explicitly chose not to enforce on the server length limits to usernames because long usernames don't harm the system to our knowledge. We're still not convinced that was what affected things a little while ago. Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.

    • one year ago
  20. SWAG
    Medals 2

    I see, well this is very interesting. Thank you Shadow.

    • one year ago
  21. Sean_Le_Van
    Medals 0

    @shadowfiend Interesting! Then how come when I hacked the client-side in this manner, it went down each time?

    • one year ago
  22. Sean_Le_Van
    Medals 0

    @shadowfiend I agree that invisible characters are not responsible for bringing it down, but you should still remove them, because users can pretend to be other users by appending them. I programmed a simple thing to patch the bug in PHP for you: http://pastehtml.com/view/cu5clntb0.html I still think that I may have been responsible for taking OS down because of some of my client-side calls, but maybe not...

    • one year ago
  23. Compassionate
    Medals 1

    No, Sean, you're not. You look silly. Stop embarrassing yourself.

    • one year ago
  24. shadowfiend
    Medals 5

    A couple of things: (1) I've not completely ruled out that those actions are bringing the server down, since I don't know what the client-side actions are. (2) I will go so far as to repeat myself, since you apparently didn't read my reply: “Likewise, we explicitly chose not to filter characters. That was because we wanted to allow you folks the expressive power of being able to use unicode characters in your usernames, and because in order to properly avoid all of the username duplication attacks and other such issues that can be caused with unicode, we'd have to eliminate large spans of that possibility. That said, we may start automatically stripping invisible separator characters during username submission.” And, last but not least, we don't use PHP, thank goodness. We use Scala and the Lift framework. That said, your PHP snippet has an htmlspecialchars escaping call that is somewhat orthogonal to the purpose of the snippet.

    • one year ago
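
Added example, not part of the thread and not OpenStudy's code (the site runs Scala and Lift, per the last reply): a Python sketch of the check discussed above, where usernames stay free-form Unicode but uniqueness is decided on a key with invisible characters removed. The function names and the sample usernames are hypothetical and constructed for illustration.

```python
import unicodedata

# General categories with no visible glyph: Cf (format characters such as
# U+2063 INVISIBLE SEPARATOR or U+200B), Cc (controls), Zl/Zp (line and
# paragraph separators). Ordinary spaces (Zs) are handled by split() below.
INVISIBLE_CATEGORIES = {"Cf", "Cc", "Zl", "Zp"}

def canonical_key(username: str) -> str:
    """Key used only for uniqueness checks; the display name is stored as typed.

    Caveat: dropping every Cf character also drops ZWJ/ZWNJ, which some
    scripts and emoji sequences need, so this is applied to the comparison
    key rather than to the stored name.
    """
    folded = unicodedata.normalize("NFKC", username)  # U+00A0 becomes U+0020
    visible = "".join(
        ch for ch in folded
        if unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )
    # Trim and collapse whitespace, then fold case for comparison.
    return " ".join(visible.split()).casefold()

def check_registration(requested: str, taken_keys: set) -> str:
    """Return a decision string and record the key when the name is accepted."""
    key = canonical_key(requested)
    if not key:
        return "rejected: no visible characters"
    if key in taken_keys:
        return "rejected: collides with existing user"
    taken_keys.add(key)
    return "accepted"

def demo() -> list:
    taken = {canonical_key("SWAG")}           # constructed existing account
    samples = [
        "\u2063\u2063",   # the nameless account: survives str.strip()
        "SWAG\u2063",     # look-alike made by appending an invisible char
        "\u00a0",         # no-break space, what Alt+255 usually produces
        "Zoë ✓",          # ordinary Unicode name, still allowed
    ]
    return [check_registration(s, taken) for s in samples]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```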