MonoX support board


Pumping up reputation artificially (Mono Support)

Viewed 4569 time(s), 2 post(s) 2/15/2013 7:06:27 PM by Zoomicon
Zoomicon

2/15/2013 7:06:27 PM
I noticed on our older version (still trying to upgrade) of MonoX at http://social.clipflair.net that when you press "mark as answer" in the forums multiple times, the reputation of that person keeps growing. I think it's been fixed in newer versions to show "unmark as answer" instead or something, but I wonder if one (say a moderator) can exploit this to pump up reputation by sending forged requests to mark as answer (bypassing the UI or editing the UI on the fly with the web developer tools of browsers).

The backend should include extra sanity checks: say, if there's a method called MarkAsAnswer(somePostId), it should check first if the post is already marked and do nothing (and not just expect the UI to work, since the UI runs on the client and can be tweaked by end users).

This might be important in other places of the site security-wise too.
2793 Reputation 345 Total posts
khorvat

2/18/2013 2:06:53 PM
Hi George,

Yes, we have fixed the "Mark as answer" issue in one of the builds; now you have the unmark in place. As for the security issue you mentioned, we do check this on the server side, so no moderators can pump up reputation.

Let me know if you are still concerned about this functionality.

Regards
15993 Reputation 2214 Total posts
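
The server-side check discussed in this thread, as an added example that is not MonoX code and not written by either poster: a Python/SQLite sketch in which reputation changes only on a real state transition, so a replayed or forged "mark as answer" request is a no-op. The schema, the `set_answer` function, the point value and the "thread owner or moderator" rule are assumptions made for illustration.

```python
import sqlite3

ANSWER_REPUTATION = 15  # assumed point value, not taken from MonoX

def open_db():
    """In-memory database with a constructed, hypothetical schema and sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY,
                           reputation INTEGER NOT NULL DEFAULT 0,
                           is_moderator INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE posts(id INTEGER PRIMARY KEY, author_id INTEGER NOT NULL,
                           thread_owner_id INTEGER NOT NULL,
                           is_answer INTEGER NOT NULL DEFAULT 0);
        INSERT INTO users(id, is_moderator) VALUES (1, 0), (2, 0), (3, 1);
        INSERT INTO posts(id, author_id, thread_owner_id) VALUES (10, 2, 1);
    """)
    return db

def set_answer(db, caller_id, post_id, marked):
    """Mark or unmark a post as the answer; returns the reputation delta applied."""
    post = db.execute("SELECT author_id, thread_owner_id FROM posts WHERE id = ?",
                      (post_id,)).fetchone()
    if post is None:
        raise LookupError("no such post")
    author_id, owner_id = post
    caller = db.execute("SELECT is_moderator FROM users WHERE id = ?",
                        (caller_id,)).fetchone()
    # Authorization is decided on the server, never from what the UI offered.
    if caller is None or not (caller[0] or caller_id == owner_id):
        raise PermissionError("caller may not change the answer flag")
    with db:  # one transaction: flag and reputation commit (or roll back) together
        # The conditional UPDATE is the check-and-set: it matches only on a real
        # state transition, so replayed or concurrent requests change 0 rows.
        changed = db.execute(
            "UPDATE posts SET is_answer = ? WHERE id = ? AND is_answer = ?",
            (int(marked), post_id, int(not marked))).rowcount
        if changed == 0:
            return 0  # already in the requested state: no reputation change
        delta = ANSWER_REPUTATION if marked else -ANSWER_REPUTATION
        db.execute("UPDATE users SET reputation = reputation + ? WHERE id = ?",
                   (delta, author_id))
        return delta

def reputation(db, user_id):
    """Current reputation of a user."""
    return db.execute("SELECT reputation FROM users WHERE id = ?",
                      (user_id,)).fetchone()[0]
```

Putting the "already marked" test inside the `UPDATE ... WHERE` clause, rather than in a separate read followed by a write, also closes the window where two simultaneous requests both see the post as unmarked.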