It has come to my attention that yilmaz has copied some mods from a vB mod developer without permission and claiming them as his own. I investigated and checked his published mods on vb.org and to my surprise, he also stole (at least 2 that I'm aware of) some of my mods! And the GIPHY mod for vB5 is one of them. The other one is an "unreleased-but-installed-here" mod for Customer Testimonial module.
I recommend you to be cautious in installing yilmaz mods. For the GIPHY mod, he made slight modifications to my code that have security implications. He made use of an unapproved public beta GIPHY API key dc6zaTOxFJmzC (which is provided by Giphy and supposed to be used only for testing) and he used it in Javascript. He should have informed the forum owners to request a production GIPHY API key as I did for my mod instead of taking a shortcut and using and hardcoding a beta key. See below's Giphy's documentation on the use of public beta key:
For more details, please see https://giphy.api-docs.io/1.0/welcom...s-and-api-keys
Even if you replace the beta key with an approved production API key, it would be a security concern because the API key is exposed in Javascript which means anyone can easily find out the GIPHY API key you're using and use it on their own without your knowledge. API keys should be treated like passwords. Usage of API keys is subject to rate limit constraints so if you're using a public beta key or someone else is also using your exposed production API key, then at some point, the GIPHY mod on your forum will stop working if the rate limit is reached sooner than expected.
Just to be clear, I'm not saying that all of his mods are not his original work. My point is if you're going to re-publish someone else's work, be sure to credit the original developer instead of claiming other people's hard-earned work as if it's yours.
Btw, few hours after replying to his 2 mods on vb.org, the 2 mods had been taken down. I don't know who took it down because I also contacted one of the Admins on vb.org.
I recommend you to be cautious in installing yilmaz mods. For the GIPHY mod, he made slight modifications to my code that have security implications. He made use of an unapproved public beta GIPHY API key dc6zaTOxFJmzC (which is provided by Giphy and supposed to be used only for testing) and he used it in Javascript. He should have informed the forum owners to request a production GIPHY API key as I did for my mod instead of taking a shortcut and using and hardcoding a beta key. See below's Giphy's documentation on the use of public beta key:
Originally posted by Giphy
Even if you replace the beta key with an approved production API key, it would be a security concern because the API key is exposed in Javascript which means anyone can easily find out the GIPHY API key you're using and use it on their own without your knowledge. API keys should be treated like passwords. Usage of API keys is subject to rate limit constraints so if you're using a public beta key or someone else is also using your exposed production API key, then at some point, the GIPHY mod on your forum will stop working if the rate limit is reached sooner than expected.
Just to be clear, I'm not saying that all of his mods are not his original work. My point is if you're going to re-publish someone else's work, be sure to credit the original developer instead of claiming other people's hard-earned work as if it's yours.
Btw, few hours after replying to his 2 mods on vb.org, the 2 mods had been taken down. I don't know who took it down because I also contacted one of the Admins on vb.org.
Comment