Author: Dann Corbit
Date: 19:17:28 05/24/01
Go up one level in this thread
On May 24, 2001 at 21:48:21, Peter McKenzie wrote:
>On May 24, 2001 at 20:07:26, Dann Corbit wrote:
>
>>On May 24, 2001 at 19:53:53, Steven Schwartz wrote:
>>
>>>On May 24, 2001 at 18:31:43, José Carlos wrote:
>>>
>>>>On May 24, 2001 at 15:17:17, Steven Schwartz wrote:
>>>>
>>>>>We have just completed adding some new features to the CCC,
>>>>>and I have emailed each of you with a description. If you have
>>>>>not received the email, you may wish to use one of the new
>>>>>features listed below to change your email address in the system.
>>>>>
>>>>>One of the new features, my favorite, is the member profile
>>>>>feature. If you look to the right of my name at the top of
>>>>>this post, you will see the word "Profile". Click on that to
>>>>>see mine.
>>>>>
>>>>>If you wish to write your own profile, you may do so now (and
>>>>>you can change it as many times as you wish) at:
>>>>>http://www.icdchess.com/forums/profile.shtml
>>>>
>>>> Just one thing and the profile would be perfect IMO: would it be possible to
>>>>upload a small picture? That way we could see each other's face. I'd find it
>>>>fantastic.
>>>> Anyway, thanks for the changes. They're cool.
>>>> José C.
>>>
>>>
>>>We agree. That is a project which we are working on, but
>>>it will take some time. In the meantime, if you have a
>>>web site or a place to park your picture, you can do what
>>>I did and just put the URL in one of the available lines.
>>>Steve (ICD/Your Move Chess & Games)
>>
>>I would like to point out that such a feature (insertion of a photograph) has a
>>large possibility for serious misuse.
>>
>>You should (especially) disallow gif images, because the gif format can have
>>included program code and would thus be a virus danger.
>
>are you being serious Dann???
A gif image is basically a self-contained program that operates on its own data
stream. That's how things like 'gif animation' are accomplished. For instance,
here is the grammar:
<GIF Data Stream> ::= Header <Logical Screen> <Data>* Trailer
<Logical Screen> ::= Logical Screen Descriptor [Global Color Table]
<Data> ::= <Graphic Block> |
<Special-Purpose Block>
<Graphic Block> ::= [Graphic Control Extension] <Graphic-Rendering Block>
<Graphic-Rendering Block> ::= <Table-Based Image> |
Plain Text Extension
<Table-Based Image> ::= Image Descriptor [Local Color Table] Image Data
<Special-Purpose Block> ::= Application Extension |
Comment Extension
I believe that I could write a gif that will suddenly change the "screen" to be
your bios, and the data that gets decoded could be assembly instructions to
format your hard drive. Won't damage newer systems, but it could wreak havoc on
programs that don't have memory hardware protection.
Besides images gone awry, there are other problems that could surface which seem
fairly obvious to me. I think a pointer to a URL would be better. That way, we
avoid some potential problems.
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.