JDXI.ini created, how to upload?

foxmike

Hello,

I created a JDXI-ini to configure the BCR-2000. It contains the sysex-mapping for DigitalSynth 1 and 2 and for the AnalogSynth.

The DigitalSynth mappings are further divided in 3 parts. With this file I created 8 setups to use with my BCR-2000 and extended my JDXI to a great machine.

The Waves and the Filter-Types are mapped directly to the 16 buttons.

I took much inspiration from diverse forums and now I want to give back a little bit...

But I didn't find the Upload-Button :-(

Greetings, Foxmike

 

Mark van den Berg

Hi Foxmike,

Uploading files is a potential security risk, so registering a new account doesn't automatically give the user the right to upload files: only "trusted" users can.
So whenever someone has registered, I try to ascertain (by looking at the user name, IP address etc.) whether this user is "trustworthy". When I'm satisfied, I then assign the "trusted user" role to the new user.
In other words: you were too quick for me...
But I've now given you the "trusted user" role, so you should see "File upload" and "Create a folder" at the bottom of the "user files" pages.

Apologies for the confusion. (I've now added a warning on the "user files" pages that users need to be "trusted" to be able to upload files.)

By the way: the "trusted user" role also gives the user the right to use smileys in posts, since (believe it or not) smileys are also a kind of security risk [smiley]

   Mark.

BillB

Do they give away too much of a person's emotional state? [cheeky]

Mark van den Berg

Haha...
No, presumably that would be some kind of security risk to the poster, which I (being the site owner) of course don't care about at all [devil]

The actual reason is this:
A smiley in a post at this website is represented by a graphical image (stored at this website), and the underlying code of the smiley in the post refers to this image via a "src" tag.
So "src" tags must be allowed for smileys to be possible.
However, this means that an evil user could include a "src" tag that refers not to a smiley, but to malware anywhere on the web.
So that's why evil users shouldn't be allowed to use smileys, thus shouldn't get "trusted user" status.

   Mark.

BillB

Aah, thanks for the explanation, although since the posting dialog allows access to the source code, couldn't any amount of nasty links be made - or is it just that the smileys provide a cover for it? It's really hard to identify evil users when their smileys look so friendly [devil]

Mark van den Berg

"since the posting dialog allows access to the source code, couldn't any amount of nasty links be made"

No.
Of course any user can enter any text in the source code editor.
However, when the user then switches back to the "rich text editor" or presses the "Save" button, a sequence of filters runs, (among other things) removing any disallowed HTML tags.
Which filters run depends on the type of user.
For instance, for an "authenticated user", any "src" tags (and many others) are removed.
But even source code created by a "trusted user" loses quite a few "dangerous" tags.

On the other hand, even an "authenticated user" can include standard web links (via the HTML tag "a" followed by the attribute "href").
However, this is not such a security risk, because someone reading a link-containing post in a browser still has to click that link for any "evil" things to happen.
By contrast, a browser treats a "src" tag (e.g. referring to a smiley) as part of the web page itself, so will normally open/run the resource mentioned in the "src" tag immediately, which is a security risk. Though some browsers can be configured not to open (certain) images, e.g. via an add-on like uMatrix.
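
An added example, not part of Mark's post and not this site's code: a minimal role-dependent allowlist filter of the kind described above, where the "authenticated user" role loses every tag that carries "src" while keeping plain "a"/"href" links. The tag lists, the `/smileys/` path and all function names are assumptions; the example also goes one step beyond the post by accepting a trusted user's "src" only when it points at the site's own smiley directory.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed per-role allowlists (tag -> permitted attributes); not the site's real ones.
BASIC = {"p": set(), "br": set(), "em": set(), "strong": set(), "a": {"href"}}
POLICY = {
    "authenticated user": BASIC,                         # no tag that carries "src"
    "trusted user": {**BASIC, "img": {"src", "alt"}},    # smileys possible
}
SMILEY_PREFIX = "/smileys/"   # assumed site-local directory holding smiley images
VOID = {"br", "img"}          # elements without a closing tag


def url_ok(attr, value):
    u = urlparse(value.strip())
    if attr == "href":        # a link is only followed on a click; allow http(s) only
        return u.scheme in ("http", "https")
    # "src" is fetched on page load: accept only a path below the smiley directory
    return (not u.scheme and not u.netloc and ".." not in u.path
            and u.path.startswith(SMILEY_PREFIX))


class RoleFilter(HTMLParser):
    def __init__(self, role):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out = POLICY[role], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return                                       # drop the tag, keep its text
        kept = [(n, v) for n, v in attrs
                if n in self.allowed[tag] and v is not None
                and (n not in ("href", "src") or url_ok(n, v))]
        if tag == "img" and "src" not in dict(kept):
            return                                       # image without a safe src is dropped
        self.out.append("<" + tag + "".join(
            f' {n}="{escape(v, quote=True)}"' for n, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in self.allowed and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))                    # text is always re-escaped


def filter_post(html, role):
    f = RoleFilter(role)
    f.feed(html)
    f.close()
    return "".join(f.out)
```

An unknown role raises `KeyError`, so the filter fails closed rather than falling back to a permissive policy.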

foxmike

Hello Mark, many thanks for your confidence [smiley],

foxmike

BillB

Mark, thank you for the explanation.  It's complicated, this security stuff, especially when browsers and web standards introduce the security flaws.