Khalid (khalidz0r) wrote in lj_dev,

Meme Tracker and some few concenrs

I have noticed the Meme Tracker only today by chance while looking through LiveJournal's source code. It is a very interesting and amusing thing, but I have few things to note about it:

The first issue is basically a text mistake, and since it is hard coded I believe it is to be mentioned here. The heading is Top 40 Memes, while there are 100 meme's in the list.

The second is a security related concern. When a user updates their journal with a public entry containing a URL, this URL will be added to the meme table, while in a private or protected entry, the URL obviously won't be added. This is correct, however, what happens when someone changes the security level of their entry during an edit, or more, delete the entry.

The newly turned public entries containing URLs will not have those URLs added to the table, which is ok, but those turned protected will also suffer no change, thus having protected information available to those who shouldn't view it.

Adding and removing from the meme table is an idea of a solution. However, this also has a slight problem, which is that the meme table is designed to remember the last post containing the URL (Due to the usage of MySQL's REPLACE). If that is removed, someone who is posting this URL over and over will have it removed from the table with one deletion of a journal or change of its security. Even now, if a user posts a URL in a public post, and then the same URL in a public post that gets turned private later, the meme table will point at the private entry.

My solution would be using INSERT instead of REPLACE and using DISTINCT queries, but that could be too much work for almost nothing.

Anyway, I only wanted to point it out because of the conversion from public to protected. Many people wouldn't like to see their names stick with links they chose later to have on private only.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded