Please tell me this is not a serious problem

[Alexi Raynier]

I logged into the forums under a different name and password, and as you can see Alexi Raynier is the name I am under now.  If you core server were working well and you database was performing correctly this would not have happened.  Fortunately, this poses no security threat to me, but the fact that the core server somehow confused two names and passwords I do not find very comforting, and seriously wonder about what other security issues we are not seeing here.  Under a well working and reliable database system this would not happen, and here we have visible proof that the SL core server and apparently database is seriously compromised, and I feel fortunate that the problem has not advanced to the point where rather than getting this name I got that of a stranger, or worse yet a stranger got access to my account though this type of error.  This alone should be cause for alarm for LL but given their past reactions I doubt they care or will bother to notice.

[Nalates Urriah]

It sounds like you think you are talking to the Lindens. You are talking to other users of SL.

The problem is in your cookies. Clear all the cookeis out and try your experiement again.

Also notice the servers you are connecting too. The Community server will ask about cookies different than what the ID server asks for. Don't be surprised that it gets confused with alts. I can log into SL with the viewer with one AV and the forum with a different AV... at the same time.

It should be possible for Mom, Dad, big brother, little bother and baby sister to all login from different computers in the same house using the same IP address and have everything work well for them. They try to keep track of things via cookies spiked into the individual computers.

[Alexi Raynier]

This is the real Alexi Raynier and I have been trying to log in for three hours now so the above did not come from this account, but I am assuming it is a serious concern as at the very least it is a potential breach in security and indication that there are problems in the core server.

[Lydia Craig]

Somehow I do not think that if you take the trouble to establish a user id and password standard for a forum you would then rely on a cookie from a users account to verify it, and if you do I am now a lot more worried than I was previously.

[Perrie Juran]

It has to do with the way log ins are done here.

See this thread:

http://community.secondlife.com/t5/General-Discussion-Forum/Security-Flaw-In-The-Second-Life-Web-Site/m-p/1279015/highlight/true#M41407

[Ayesha Askham]

I must say that this is a seriously worrying topic to me.  I practice what I thought was considered good Internet Security, in that I ALWAYS log out of a site if I have logged in, even different parts of the Secondlife operation.

However

On a few occasions when posting to a thread i have hit "reply" and found myself logged in.  Now I had at no point on these occasions previously logged in to any point of the SL website, but I have my login ID saved on my viewer (I am the only one ever to use this PC and I have no alts), so I must assume that my SL viewer login is being used on these occasions.

What puzzles me is that it doesn't happen with any great frequency, is in no way predictable and only happens on the forum, not the JIRA (I don't use that badly malfunctioning Marketplace).

So I must assume that it is some function in the Forum software that allows this.  BTW I use IE9 browser.

 

Oh and @Nalates, I know they probably never read these threads but some folk still believe that employees of Linden Lab take some notice of what is said on these fora.  Naiive, maybe, but not, in my opinion, unreasonable.:smileytongue: