Being a well-known paranoid, I periodically change my passwords wherever possible. Recently, purely just in case, I changed my password on Habr, to be on the safe side, as they say.
The real fun began afterwards. I generally read my Habr feed through RSS, and only by the end of the second day did I become suspicious: my RSS reader had stopped receiving new items from Habr, which is usually very active in this regard. Having started to look into the issue, I came across a rather amusing thing.
So, let's look at the RSS link of the Habr feed. It is formed as follows:
habrahabr.ru/rss/lenta/user_name/32_hex_symbol/

Everything is more or less logical. Taking into account the fact that friends' closed topics end up in the Habr feed, you shouldn't expose the address of your feed, so the last part of the URL is specific to each user and difficult to guess. Obviously, this is an MD5 of some combination of the Habr username, the password, and perhaps something else (for example, the registration date).
Everything would be fine, but apparently, instead of calculating this hash once and storing it in the corresponding table, it is calculated dynamically. As a result, immediately after the password is changed, the RSS URL of my Habr feed changes as well. Thus, without any additional warning, I was automatically unsubscribed from my own feed. You'll agree, not the most obvious result. Habr developers, did you think about that?
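
The two designs contrasted above, as an added example that is not Habr's code: a feed token recomputed from password material on each request versus a random token generated once and stored in the user's row. The MD5 recipe, the in-memory `USERS` table and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

USERS = {}  # constructed in-memory stand-in for the users table (hypothetical schema)

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = {
        "pw_salt": salt,
        "pw_hash": _hash_password(password, salt),
        # Random 128-bit value, 32 hex characters like the URL segment in the post.
        # Generated once, stored, and unrelated to the password.
        "feed_token": secrets.token_hex(16),
    }

def change_password(username, new_password):
    user = USERS[username]
    user["pw_salt"] = secrets.token_bytes(16)
    user["pw_hash"] = _hash_password(new_password, user["pw_salt"])
    # feed_token is deliberately left untouched here.

def derived_token(username):
    """Behaviour the post infers (assumed recipe): recomputed from password material."""
    user = USERS[username]
    return hashlib.md5(username.encode() + user["pw_hash"]).hexdigest()

def stored_feed_url(username):
    return f"/rss/lenta/{username}/{USERS[username]['feed_token']}/"

def check_feed_request(username, token):
    user = USERS.get(username)
    if user is None:
        return False
    # Constant-time comparison of the secret URL segment.
    return hmac.compare_digest(user["feed_token"].encode(), token.encode())

def rotate_feed_token(username):
    """Explicit, user-initiated rotation, e.g. when the feed URL has leaked."""
    USERS[username]["feed_token"] = secrets.token_hex(16)
    return stored_feed_url(username)
```

Keeping rotation as a separate action lets the site still offer "reset my feed link" after a suspected compromise, and tell the user that the URL has changed.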