Erin, you and I have discussed aspects of this several times in the past, and I'm sure we will again in the future. (I'll comment on the JIRA issue - thank you for filing it.) However, irrespective of my opinions on the matter, these issues are related to neither the viewer nor any other open source projects, so not suited to this mailing list. The Profiles team is keeping a close eye on the my.secondlife.com component of the WEB project and has been rapidly turning around fixes in response to filed issues. As such, JIRA is definitely the best place for these issues to be discussed (ideally as individual issues, rather than all lumped into one).
-- Yoz On 11 January 2011 20:48, Erin Mallory <angel_of_crim...@hotmail.com> wrote: > some of us were using html to cover up the darn twitter and facebook > widgets.... > > security issues: the twitter widget and facebook like button you cant get > rid of. > security issue: if you want your profile visible in SL or at least > searchable it HAS to be open to the entire world... (only gets protected by > passord if you remove it from search > security issue: RL tab is displayed ON THE WEB ... that alone is > frightening > security issue: people are already linking in other peoples profiles into > webpages, facebook, even other applications now. > Security issue: with html scrubbed from the text you cant hide profiles, > even locked ones from bots, or cover up the facebook and twitter widgets. > Seucrity issue: many groups that should be hidden in the profile by group > preferences are still being show. > > preference issue: many users do NOT want their profiles shown ANYWHERE but > in the game. > preference issue: many users do not like the facebook feel > preference issue: many users like having the partner, payment info, etc > displayed. > preference issue: most users would have preferred seeing web bugs fixed > then resources wasted on facebook style profiles because a few web monkeys > think that they will attract a few teenagers into SL. > > within moments of creation https://jira.secondlife.com/browse/WEB-3494 has > already gotten votes as have many other issues related to getting rid of > these new profiles. > > > > Date: Tue, 11 Jan 2011 19:54:00 -0800 > > From: kadah.c...@gmail.com > > To: opensource-dev@lists.secondlife.com > > Subject: Re: [opensource-dev] web profiles. > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > If its about the possible XSS and html injection, that was fixed today. > > All profile text info gets escaped now. > > > > On 1/11/2011 7:47 PM, Simon Quinnell wrote: > > > How about you specify the security and privacy issues? No-one here is a > > > mind reader. > > > > > > On Wed, Jan 12, 2011 at 1:05 PM, Erin Mallory > > > <angel_of_crim...@hotmail.com <mailto:angel_of_crim...@hotmail.com>> > wrote: > > > > > > because of security and privacy issues with the new profiles can we > > > please have option to keep the older ones until someone with the > > > profile team gets their act together? > > > > > > seriously, these new profiles are creepy. > > > > > > _______________________________________________ > > > Policies and (un)subscribe information available here: > > > http://wiki.secondlife.com/wiki/OpenSource-Dev > > > Please read the policies before posting to keep unmoderated posting > > > privileges > > > > > > > > > > > > > > > _______________________________________________ > > > Policies and (un)subscribe information available here: > > > http://wiki.secondlife.com/wiki/OpenSource-Dev > > > Please read the policies before posting to keep unmoderated posting > privileges > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.10 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iQEcBAEBAgAGBQJNLSXYAAoJEIdLfPRu7qE2c1UIALye/0KE3XRvTxSS7ZhBW0i/ > > kE857hMOK8B9sbvbN08m8af8oas30cfIl/a/XvY8Fhf49tMrMlPC28X0OID1DtOs > > Dt50xkHTp56YqsmMHzcCRHgJN8lb6IonbX44U1VHah8/NEYQ7EejMuyBpnD9Wjvg > > KPUDsQOBl4vVhaJQ6GHbRQe54PpUzBnWpyecdZ8AvCldLk8L0KJAKVGMVXAKQSpe > > cFAZUo343UAA6Q15Ymoug4MTN4Z8s3snsL0llIF/XGD71H90KYL9cnxtbj7BmZus > > G8E3xpdUgPQGXkIwqKQUrZMQlOcINIUo4YuKyE+mK+Sdy6z9B9yOp1kecI70MFE= > > =djz5 > > -----END PGP SIGNATURE----- > > _______________________________________________ > > Policies and (un)subscribe information available here: > > http://wiki.secondlife.com/wiki/OpenSource-Dev > > Please read the policies before posting to keep unmoderated posting > privileges > > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges >
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
