Hey. I've been following your blog and the updates. I'm really grateful to them! They've helped keep me in the loop. I'm still a little confused as to whether LJ has officially stopped this. I can say that I did do a little digging and try to find out with some personal research.
It's a long comment, so basically, tl;dr: Turns out you can access a public entry edit page with the simple edit entry url for each entry, but not private, friends only, profiles, or inboxes NOW as far as I can tell. What things were like before is another story...
The longer story:
I have a few old journals I no longer use on LJ that were perfect for such a cause. We shall call them APost and AView. I use AView to try to look into APost entries. APost is a blank journal I created a while back but never used. I made 3 entries, one public, one private, and one friends only.
I tried to access each one with the standard edit entry URL and gained access to ONLY the public entry in APost.
However, it does NOT allow me to change ANYTHING on APost. Everything is sort of grayed out. It will NOT allow me to even view the private and friends only entries. Thank goodness!
I also tried accessing the edit profile URL for my test account and it came up with an error saying I couldn't be verified as the user. Trying to access a message from my inbox came up with that error too.
Both journals are on different servers.
I tell you this information in hopes that it might somehow bring some insight to anyone who still worries about this security breach.
However, I should also mention that looking at the login information under manage/logins.bml on the APost does NOT show that I "logged in". In fact, when I was viewing APost through AView, it showed me as if I was trying to edit a post in a community oddly enough. Specifically it says:
Poster: [userhead image] in community [userhead] [APost]
It also shows AView's userpic but does not list AView as the poster. It's just a userpic.
It will be nice to see if LJ makes any further comments regarding this issue.
Sorry for making this comment so long. I actually have screenshots of everything too if you want to see them/things are too difficult to understand here.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2011-10-30 02:59 am (UTC)It's a long comment, so basically, tl;dr: Turns out you can access a public entry edit page with the simple edit entry url for each entry, but not private, friends only, profiles, or inboxes NOW as far as I can tell. What things were like before is another story...
The longer story:
I have a few old journals I no longer use on LJ that were perfect for such a cause. We shall call them APost and AView. I use AView to try to look into APost entries. APost is a blank journal I created a while back but never used. I made 3 entries, one public, one private, and one friends only.
I tried to access each one with the standard edit entry URL and gained access to ONLY the public entry in APost.
However, it does NOT allow me to change ANYTHING on APost. Everything is sort of grayed out. It will NOT allow me to even view the private and friends only entries. Thank goodness!
I also tried accessing the edit profile URL for my test account and it came up with an error saying I couldn't be verified as the user. Trying to access a message from my inbox came up with that error too.
Both journals are on different servers.
I tell you this information in hopes that it might somehow bring some insight to anyone who still worries about this security breach.
However, I should also mention that looking at the login information under manage/logins.bml on the APost does NOT show that I "logged in". In fact, when I was viewing APost through AView, it showed me as if I was trying to edit a post in a community oddly enough. Specifically it says:
Poster: [userhead image] in community [userhead] [APost]
It also shows AView's userpic but does not list AView as the poster. It's just a userpic.
It will be nice to see if LJ makes any further comments regarding this issue.
Sorry for making this comment so long. I actually have screenshots of everything too if you want to see them/things are too difficult to understand here.