Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 13 Oct 2008, 08:36
oasi oasi is offline
 
Join Date: Mar 2008
It's safe to overwrite the username value?

We're trying to implement an alias feature, to give our registered users (their login value is fixed by the organization, but they want to give them the possibility of posting more "anonymously") the possibility of appearing on screen with their alias, so only the administrators can know which username is behind an alias.

We've tried an existing plugin, but it doesn't cover all the range we want (forums list, threads, user's page ...).

We also tried to modify some templates to show the alias instead of the username, but there are lots of templates, and some variables not easily accessible (e.g. the lastposter values).

So, we've thinked on overwriting the username value in the fetch_userinfo hook with the alias value we store in a custom field.

It seems to work in most places (not fully tested), and we think that it could be fine, because most of the DB tables work with the userid value, not the username, but we would be pleased if some developer or expert could give their opinion about the security of this method.

Thanks in advance.
Reply With Quote
  #2  
Old 13 Oct 2008, 10:10
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
I would not consider this safe without extensive testing.
__________________
Marco van Herwaarden
Ex vBulletin.org Coordinator
Reply With Quote
  #3  
Old 15 Oct 2008, 10:52
oasi oasi is offline
 
Join Date: Mar 2008
Thanks, we're going to test it extensively...

At this moment, we've a little problem, when we log out, the cookie value for username (the username value set by default when you enter to the forum without being logged in) is set to the alias value, due to this modification.

I've been looking to the hooks, trying to figure where the cookie is set, but I'not been able to find it... somebody knows where it happens?
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 12:23.

Layout Options | Width: Wide Color: