{"id":31,"date":"2007-05-19T08:52:00","date_gmt":"2007-05-19T08:52:00","guid":{"rendered":"http:\/\/codeinmybug.wordpress.com\/2007\/05\/19\/rediffmail-bug-anyone-interested\/"},"modified":"2008-05-07T15:15:07","modified_gmt":"2008-05-07T09:45:07","slug":"rediffmail-bug-anyone-interested","status":"publish","type":"post","link":"https:\/\/projectbee.org\/blog\/archive\/rediffmail-bug-anyone-interested\/","title":{"rendered":"Rediffmail Bug. Anyone Interested?"},"content":{"rendered":"

The title may lure you to assume that I am going to talk about some security bug. Well, I am not… or I’d rather say I haven’t yet thought of any ways to exploit it. If you come up with something, do let us know.<\/p>\n

Now back to the topic.
\nAlmost all the huge players are now moving to the AJAX arena. They are in fact coming up with new technologies like Silverlight, Apollo, JavaFx. I am personally not a very big fan of AJAX, but then it doesn’t make any difference. I am, however, interested in these new athletes, particularly JavaFx.<\/p>\n

One of the major concerns of any AJAX programmer, IMHO, should be to take care of a situation where the user DOES NOT HAVE or DOES NOT WISH to use Javascript. It should be a growing concern when we have plugins like NoScript <\/a>(Oh! I Love it.) and we have reasons to use it. Apart from the security concerns, it blocks most of the stupid ads that I am not interested in.<\/p>\n

Bottom line, there should be a minimal interface to fall back to (like the one GMail has). The rediffmail coders have done the same and provided a…. ummmm BackUpInterface thingy. However, they probably forgot that the *thingy* is there because the person’s browser DOES NOT SUPPORT Javascript.<\/p>\n

My Story, My Words:<\/span>
\nI used the NoScript plugin to forbid rediff.com domain, opened the site rediffmail.com, entered userid and password… and said… Khul Ja Sim Sim<\/span>. \ud83d\ude42<\/p>\n

Bingo I was in and was able to read my mails without any fuss. Then I decided to delete some mails… wait a sec! What the heck!
\nI am not able to.
\nMove mails??? Nopes.
\nCompose? Okay.
\nSend?? Sorry.
\nSave Draft? Sorry.
\nCancel??? Sorry. \ud83d\ude41<\/p>\n

I concluded that all that looks like a Button uses javascript. However, the links were, fortunately or unfortunately, working.
\nThe Logout<\/span>‘s like a link. So it’d obvoiusly work.
\nclick.. click.. <\/span>click<\/span>click<\/span>click.
\n<\/span>What the Heck!.
\nLogout <\/span>operation calls some javascript function do_logout()<\/span>.<\/span>
\n<\/span>
\nSo basically, if I am an average internet user and do not have javascript, I’d log into my rediffmail account, read mails, try composing but won’t be able to send… and worse, I won’t be able to logout. Not understanding anything, I might close the browser window.
\nAnd what if I am at a cybercafe???<\/p>\n

I am sure there is way to revive the session even if the browser window is closed (I remember reading of some similar old Yahoo! bug). If you’re interested, take on from here. \ud83d\ude42<\/p>\n

Now for the other people. I would really like to know how many people actually have a rediff aaccount and actually use it .
\nI have one too… and I login in… say a month.
\nI am not at all blaming rediffmail service (Okay! A little :D), I am just interested in the figures.<\/p>\n","protected":false},"excerpt":{"rendered":"

The title may lure you to assume that I am going to talk about some security bug. Well, I am not… or I’d rather say I haven’t yet thought of any ways to exploit it. If you come up with something, do let us know. Now back to the topic. Almost all the huge players … <\/p>\n

Continue reading “Rediffmail Bug. Anyone Interested?”<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[9,10,24,29,33,46,47,168,167],"tags":[44],"class_list":["post-31","post","type-post","status-publish","format-standard","hentry","category-bug","category-code","category-hack","category-irony","category-loophole","category-review","category-script","category-security","category-webappsec","tag-rating"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pf2XR-v","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts\/31","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/comments?post=31"}],"version-history":[{"count":0,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/posts\/31\/revisions"}],"wp:attachment":[{"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/media?parent=31"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/categories?post=31"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/projectbee.org\/blog\/wp-json\/wp\/v2\/tags?post=31"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}