Una vez más, Abaphenyi begeyimu yevidiyo bathole inqubo "emisha" yokweba imininingwane ebucayi (spoofing) owenza umsebenzi omuhle kakhulu wokufihla izinhloso zabakhwabanisi.
Njengenye yamapulatifomu wokusabalalisa edijithali amakhulu kakhulu emidlalweni yevidiyo, iSteam ifaka izinto ezahlukahlukene zomphakathi ze-UX, ezinjengezinhlu zabangani kanye nekhono lokushintshanisa izinto zomdlalo nabanye abasebenzisi.
Ngenkathi lokhu kugxila okuqinile emphakathini kusize iSteam ukugqama emakethe eminyene, futhi kushiya abasebenzisi bevulekele imikhuba ekhohlisayo.
Isidingo sokubhekwa endaweni yesikhulumi saphinde saxwayiswa ngempelasonto, nini Isitshudeni esineminyaka engu-22 ubudala esenza isayensi yamakhompyutha esigama elithi 'Aurum' sinikeze imininingwane ngomkhonyovu omusha wobugebengu bokweba imininingwane ebucayi beSteam.
Iwebhusayithi yokweba ama-akhawunti we-Steam
Ngokusho komcwaningi, isiza sobugebengu bokweba imininingwane ebucayi asizamanga nje ukukhohlisa abasebenzisi ngesitifiketi se-SSL esivumelekile, kodwa nocezu oluncane lweJavaScript elizokhiqiza iwindi le-pop-up elisho ukuthi iseva yayilayishwe kakhulu futhi icela isisulu ukuthi singene ngemvume nge-akhawunti yaso yeSteam. ukufinyelela esizeni.
Ngamazwi ka-Aurum uchaza ukuthi wakubona kanjani lokhu:
“Ingxoxo ibibonakala iqondile, umkhonyovu ubefuna ukunginikeza ukuhweba okusobala ukuthi kunenzuzo (bebelokhu bezama ukungifaka kwi-Discord ngasizathu simbe).
Ngasekupheleni kwengxoxo "yezohwebo", ngacelwa ukuthi ngingene kuwebhusayithi elula yamanani we-Steam ukuze bakwazi ukuthola ukuthi izinto zami zibiza malini.
Isiza sobugebengu bokweba imininingwane ebucayi, https://tradeit.cash. Le webhusayithi beyiyikhophi ye-Steam iwebhusayithi esemthethweni, https://skins.cash. "
Noma kunjalo imikhonyovu idale okuzivelelayo okubukeka okusemthethweni, I-Aurum ithole ukuthi ayiphumelelanga ezimweni ezimbili ze-Chrome kubha yomsebenzi, nokuthi "kwakuwindi elilodwa nje ngaphakathi kwewebhusayithi yobugebengu bokweba imininingwane ebucayi."
"Bebenze nezinkinobho ezithile zezinto ze-Chrome UI," esho. "Lokhu kuqinisekiswe ngenkathi kuzanywa ukuchofoza kwesokudla endaweni yebha yesihloko ewindini le-pop-up, evule imenyu yokuchofoza kwesokudla yekhasi lewebhu."
Abaduni bathathe isikhathi futhi "bayahlupha" ukusingatha isiza sabo sobugebengu bokweba imininingwane ebucayi ku-CloudFare futhi bakhethe nokusebenzisa isitifiketi se-CloudFare SSL ukusenza sithembeke ngangokunokwenzeka.
Ubugebengu bokweba imininingwane ebucayi buqale nge-pop-up ekucele ukuthi ufake i-Steam, ethi isayithi "lobugebengu bokweba imininingwane ebucayi" belilayishwe ngokweqile.
Mayelana newebhusayithi mbumbulu
Isiza Sokuheha Ubugebengu kusebenzise inqubo yobugebengu bokweba imininingwane ebucayi esithombeni ukulingisa isikrini sokungena se-OpenID ngaphandle kokwehluleka.
U-Aurum wezwa ukuthi kukhona okungahambi kahle, njengoba isiza abekholelwa ukuthi belingelona iqiniso kwasekuqaleni belivula i-pop-up yokungena ngemvume ye-OpenID Steam.
Ukuhlaselwa kwalolu hlobo ngokuqinisekile akuyona into entsha. Indlela efanayo ichazwe kulo mbhalo kusukela ngo-2007.
I-Steam isivele ifaka umhlahlandlela onemininingwane ohlose ukusiza abasebenzisi ukugcina ama-akhawunti abo ephephile.
Isayithi okwamanje ayixhunyiwe ku-inthanethi ngoba irekhodi le-DNS lisuswe cishe emahoreni ambalwa edlule.
Kodwa umsebenzisi uthole isifinyezo sesayithi nayo yonke ikhodi ngaphambi kokuba isuswe, futhi ngithathe inkululeko yokuyabelana ngeGitHub. Isixhumanisi yilokhu.
Yikhodi elula impela, ekugcineni.
Abaduni bakopishe isiza sebhizinisi esisemthethweni, kanye nekhasi lokungena ngemvume le-Steam Community, base bengeza ikhodi yeJavaScript kubo bobabili, kanye nokwenza i-HTML kancane.
Sekukonke, kungezwe amazwibela amathathu we-JS: owokuqala uthola ukulungisa iphutha (intwana etholile iphosta yebhulogi yoqobo), eyesibili ivula isiphequluli esingamanga futhi inamathisele ikhasi lokungena elingamanga ngaphakathi kwe-iframe, kuthi eyesithathu (egijima ku-iframe) iqoqe izifakaziso ezivela ekhasini kusuka Ukungena ngemvume kwe-Steam kukopishiwe.
Njengoba ugogo wayevame ukusho, ubuhle bulula. Ilula, iyasebenza futhi yinhle, ucezu lwekhodi.
Ngifunde i-athikili ephelele… Futhi yini ehlobene ne-linux?