Inkbunny

Site Updates - Security Improvements, Donation/Gear Links

We have updated the site to Revision Beta 59.

There were a few important security improvements to the Private Message system that we wanted to push through fast, so this update is focused almost entirely on those. There were also a couple of important bug fixes to the Private Message View page.

Updates

* Added: Donate and Inkbunny Gear links added to top of site menu.

* Added: Private Message contents are now encrypted on disk/database using AES-256 in CBC mode. Not foolproof, but it provides a bit more protection against a variety of common web application and operating system attacks. Please note that moderators can still see your private messages.

* Removed: You can no longer search the message text of Private Messages. Searching by date, sender/recipient and subject still works fine. Content search is not possible now because the messages are encrypted on disk and that prevents the database from being able to index and search them efficiently or securely.

* Added: Moderator accounts are now heavily restricted on how many Private Messages they can view over a set period of time. This allows moderators to do their job but prevents a moderator account being used to harvest large numbers of private messages from the system in the event of an account compromise.

* Added: A few other minor security measures have been added to help prevent moderator accounts being used to harvest private messages in the event an account is compromised.

* Changed: The way the system tracks message threads has been changed to be more efficient, and to allow logging of who has viewed which threads recently.

* Fixed: A bug was causing messages to be marked “replied to” in your inbox even if you hadn't actually replied to that message yet. This would happen if someone messaged you twice in the same message thread before you had a chance to reply for yourself.

* Fixed: A couple of bugs caused the Private Message view to behave oddly when displaying very long threads. When it was collapsing message threads into the “expand” box, it would sometimes fail to show some messages in the thread even after “expand” was clicked.

* Changed: Private Messages view will now always show the first two messages in a thread, the last two, the “focused” message and one message either side of that focused message. If there are 6 or more messages in the thread before or after the focused message, the excess messages will be collapsed into an expandable box. All this makes the content of long threads much nicer to view.

* Fixed: A bug was allowing the keyword/username autosuggester to pop up even after the target textbox was no longer focused.

* Fixed: The username autosuggester on the Private Message Search page was submitting the search as soon as you clicked a username in the suggestions list. Now it will wait for you to click the Search button after making a suggested username selection.
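
An added illustration of the moderator view limit and the thread-view logging items in the list above. This is not Inkbunny's code: the class and function names, the default of 20 threads per hour, and the log format are assumptions, since the announcement gives no figures.

```python
import time
from collections import defaultdict, deque


class ModeratorViewLimiter:
    """Sliding-window cap on distinct PM threads a moderator may open."""

    def __init__(self, max_threads=20, window_seconds=3600, clock=time.time):
        self.max_threads = max_threads   # assumed value, not the site's real limit
        self.window = window_seconds     # assumed value
        self.clock = clock               # injectable so the window can be tested
        self.views = defaultdict(deque)  # moderator -> deque of (timestamp, thread_id)
        self.audit_log = []              # (timestamp, moderator, thread_id, allowed)

    def _expire(self, moderator, now):
        # Drop views that have aged out of the window.
        q = self.views[moderator]
        while q and now - q[0][0] >= self.window:
            q.popleft()
        return q

    def request_view(self, moderator, thread_id):
        """Return True if the view is allowed; every attempt is logged."""
        now = self.clock()
        q = self._expire(moderator, now)
        already_open = any(t == thread_id for _, t in q)
        # Re-reading a thread already counted in the window costs nothing,
        # so normal casework is not penalised; only new threads use quota.
        allowed = already_open or len(q) < self.max_threads
        if allowed and not already_open:
            q.append((now, thread_id))
        self.audit_log.append((now, moderator, thread_id, allowed))
        return allowed

    def denied_attempts(self, moderator):
        """Denials are the alerting signal: a bulk harvest runs into the cap."""
        return sum(1 for _, m, _, ok in self.audit_log if m == moderator and not ok)


def simulate_harvest(limiter, moderator, thread_ids):
    """Constructed scenario: one account tries to open many threads in a row."""
    return [t for t in thread_ids if limiter.request_view(moderator, t)]
```

The quota bounds how much a compromised moderator account can read per window, and the denial count in the audit log is what a reviewer would alert on.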

Please see the complete Site Revisions History for a list of changes to the site since it was launched. That page is getting a bit out of date, but we promise to update it asap. :P

Thanks!

IB
Added: 11 years, 5 months ago
drakiskier
11 years, 5 months ago
all good changes!

how would i go about making a suggestion?
Catwheezle
11 years, 5 months ago
"Customer Service - Support Tickets" link at the bottom of the page is where I've been pointed for suggestions in the past.

My comment below is the wrong way to do it - thanks for the reminder. *sighs, goes to post it as a support ticket*
Catwheezle
11 years, 5 months ago
Fantastic - and I mean that without sarcasm. I really love how our security is apparently your primary concern. That you have chosen to remove a useful feature (body-text search) for reasons of security, and to weather the cries of anguish, speaks really well of you.

I imagine it hurt to remove it, but it's a tricky problem. You'd have kept it if you could, but you genuinely care about our security.

One possibility might be [over-complicated suggestion moved to Support Ticket, where I should have put it in the first place.]

I see no easy solution, so I think you made the right call, and I'm really glad you thought about it.
SenGrisane
11 years, 5 months ago
Very nice stuff. Continue with your good work :3
Alfador
11 years, 5 months ago
Excellent work! =^_^=
sedkitty
11 years, 5 months ago
Amazing work, guys. :)
Shokuji
11 years, 5 months ago
Thank you. =)
FerretWilliams
11 years, 5 months ago
All good, but I'm liking the limiting of how many pms a mod can read in a certain amount of time the most. Great way to prevent a compromised account from being abused too much is to only give mods the abilities they need.