It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Serious bug in the forum : seeing other account(90 posts)(90 posts)
(90 posts)
Pages:
1
2
3
4
5
6
This is my favourite topic
Posted May 17, 2012
avatar
Elenarie: Nobody wants to play with me. :(
Actually, I did briefly get a screenshot of your account, but it just had a big message saying Error 37!
Posted May 17, 2012
avatar
Elenarie: Nobody wants to play with me. :(
avatar
wpegg: Actually, I did briefly get a screenshot of your account, but it just had a big message saying Error 37!
HAHAHAHHAHAHAHAHHA! :D Made me LOL.
Posted May 17, 2012
Has anyone experiencing this bug gained access to anything significant? It's worrying that this is possible at all. But it if happens on account pages that's a whole other level of WTF.
Posted May 17, 2012
Received an "failed to connect to upstream" error message few seconds ago, while refreshing the Community Discussion page.
Posted May 17, 2012
By the way, sometimes when I refresh or open a forum page, GOG says I am logged out. Then, we I click a forum link or GOG link, I am logged in again.
Posted May 17, 2012
avatar
Psyringe: I'm not sure if you can actually access other users' messages and/or game lists. We don't have any report yet of that being possible. And didn't someone report that the bug went away after clicking on "My Account"?

But I agree. As long as the exact nature of the bug has not been determined, it probably _would_ be better to take the server down until this is fixed. Better safe than sorry.

So far, it also seems that this is a cache issue, so users could protect themselves by not using the site until this is fixed (if they aren't using the site, then their info never gets loaded into the cache, and then nobody else can hit it due to the bug).
avatar
wpegg: There was actually an element of sarcasm to my post. I'm of the opposite opinion. At most they just need to switch off their caching and take the increased server load. However I don't see any significant exploit being exposed beyond accidentally seeing someone's shopping cart.
Hmm, seems I need to fix my sarcasm detector. It's relying far too much on smilies for detection. ;)

I kind of assumed that the options right now are "do nothing" or "pull a plug" - in which case I'd opt for "pull the plug". While it's _probably_ no serious exploit possible, we can't say for sure. So there's a residual risk, which is small, but the potential damage in a worst-case scenario is pretty large. Small risk times high damage still equals considerable danger. Of course, if other options like "have trained personnel look into it" are available, then those would be preferable.
Posted May 17, 2012
avatar
gameon: http://www.gog.com/en/forum/general/serious_bug_in_the_forum_seeing_other_account/post46
Then this is one time I really do hope GOG take their site down for a while to sort this out.
Posted May 17, 2012
WTF!? Is someone playing with my account right now? The theme keeps changing from darker to lighter, and back again.

EDIT: Or probably, the "http://www.gog.com/en/forum" page changes themes every time I click around the Community title. That's probably it, can reproduce it now.
Post edited May 17, 2012 by Elenarie
Posted May 17, 2012
avatar
Psyringe: I kind of assumed that the options right now are "do nothing" or "pull a plug" .
I think that hitting the kill switch would require getting someone up anyway, so they may as well just revert their changes instead.
Posted May 17, 2012
Is it possible that I'm the only one that's not affected by issue?

Also did you guys try logging out and in again?
Posted May 17, 2012
avatar
IronStar: Is it possible that I'm the only one that's not affected by issue?

Also did you guys try logging out and in again?
nah. I also as i said before don't experience the bug. good that i don't use gog pm system for notes so no harm if somebody reads anything.
would be pain in the ass trying to explain what i have there if it was a different forum :)
Posted May 17, 2012
avatar
gameon: What if someone bought gifts, but none of them were redeemed. (in my games gifts section) if there are codes in there or on pm, someone could steal them if they had the access.
Hello all,

The bug some of you were experiencing is related to the caching solution that we're currently testing and tweaking. Apparently for some users it was delivering a wrong (old) html of a publicly available page (one that's the same for everyone). In the worst case it meant that you might see a random avatar and a wrong cart on top, but there are no user details there and you cannot make any changes to it either as it's a cached thing (think read only).

More importantly, all your personal data and content (your games, PM's, order details) is safe here, as it is always delivered over a secure connection and is also NOT cached, therefore nobody can see your games or messages because of the bug outlined above.

Last but not least, for the time being, the caching solution will be taken down, until we can nail the issue.
Posted May 17, 2012
avatar
Destro: ...
Yey, thanks for the post.

But, more importantly, "Registered: April 2007"? Is that another hack that you guys use to fool us around, or did the development of GOG start around that time?
Posted May 17, 2012
avatar
Destro: ...
Thanks Destro.
Posted May 17, 2012
avatar
Destro: (...)
Thanks for the detailed explanation - and for looking into this bug, in the middle of the night.
Pages:
1
2
3
4
5
6
This is my favourite topic
Community
General discussion (archive)Serious bug in the forum : seeing other account(90 posts)(90 posts)
(90 posts)