@beachthunder said:
I assume it's this:
https://www.giantbomb.com/shows/game-of-the-year-2018-day-one-deliberations/2970-18651
https://www.giantbomb.com/shows/game-of-the-year-2018-day-two-deliberations/2970-18652
https://www.giantbomb.com/shows/game-of-the-year-2018-day-three-deliberations/2970-18653
https://www.giantbomb.com/shows/game-of-the-year-2018-day-four-deliberations/2970-18654
...
No need to even change the 'game-of-the-year-2018-day-x-deliberations'-segment. It does nothing and it's just there to make the url's look nice. For example: https://www.giantbomb.com/shows/dan-ryckerts-christmas-torture-special/2970-18665
Man, I can't say I'm surprised because there are some real losers out there, but that's really pathetic and sad that someone had (1) that much time on their hands during the holidays and (2) that much of a desire to ruin things for complete strangers that they've never met.
You don't need to be some hacker to do this, anyone with a bit of curiosity and some basic technical know-how will just glance at the url for a second - see the unique post id and test increasing the number to access unpublished content.
@dudeglove said:
The staff really don't need to go to the additional trouble of obfuscating the URLs or temporarily 403ing the content, and even then I don't see things changing as jerks will still find a way to get around it. Their schedule is manic enough as it is.
The post have a publish date set, configuring the page not to make any posts load for non-staff members before the publish date has passed is very, very basic stuff. It's standard practice and it's baffling that a team of experienced professional developers did not consider this.
Log in to comment