
Verification for TPE tasks is insecure.
#16

06-20-2020, 06:55 PM st4rface Wrote: They can probably see IP addresses as well. At least they should, I think.

It is an option in Google Forms but, for all those curious, I turn this option off for all the forms I put out; we don't need to collect that stuff.

#17

I know I can't speak for everyone, but I always submit my answers in the Google form before posting my verification word. So even if you made another post citing my name and verification word, it would come after my original submission so it wouldn't be hard to figure out that the false one is the one submitted after mine. It also seems like a lot of work to try and sabotage someone for virtually no gain. As Hotdog said with predictions, there is a good chance you would make them have a right guess. Also feels like someone would have to go out of their way with much more effort to do this sort of thing.

#18
(This post was last modified: 06-20-2020, 09:21 PM by grok.)

06-20-2020, 05:37 PM TheHockeyist Wrote:
06-20-2020, 05:33 PM Wally Wrote: All I’m trying to say @TheHockeyist is that all we need is a simple modal that captures answers per our site login, stores it and then spits out results based on the game outcomes. Trying to find a secure measure of an insecure form is counter-intuitive. So if you are trying to say do something different, I agree. If you are brainstorming fixes, well I can tell you about ten ways to prove more than just Google Forms could be exploited.

Definitely. If we have programmers on the site, they should be getting ideas right about now.

As someone who prioritizes and organizes work for software developers for a living...

  1. The probability of this type of attack is near zero.
  2. The level of effort to initiate this type of attack is very high.
  3. The material gain of this type of attack is extremely low--in fact nearly negligible.
  4. The probability of this type of attack being detected is nearly 100%.
  5. The level of effort to fix a destructive use of this type of attack with business practices only is nearly zero.

All together, the five points above illustrate an attack that is low impact, high effort, and easily fixed with non-development work. In my line of work we say this type of issue "adds limited value". I don't decide what gets worked here, but IMO this kind of issue is not worth fixing over other major development issues facing the league (Index, boxscores, other FHM export reliability and usability questions), especially when its impacts are so trivially fixed by the PT team.


#19

06-20-2020, 08:00 PM hotdog Wrote:
06-20-2020, 06:55 PM st4rface Wrote: They can probably see IP addresses as well. At least they should, I think.

It is an option in Google Forms but, for all those curious, I turn this option off for all the forms I put out; we don't need to collect that stuff.

Well, I think there is no need for that now. If there were some trouble or cheating, then it could help, but now I think everything is safe. Thank you for the response!

#20

06-20-2020, 06:19 PM PremierBromanov Wrote: As far as security goes, you're talking about robbing a gas station for 1 dollar. I guess you can do it, but the gain isn't worth it, and you'd be discovered easily.

I feel like you could accomplish much more nefarious things with the effort described in this thread to pull off this TPE heist
