LOST DATA! (Read 1087 times)

All of my entries from 3/1 - 3/3 were lost. There were here this afternoon and now are gone. Was there a problem with the db where you had to restore back to a certain time?

jgordon, I loaded the database snapshot taken on March 3 and saw that indeed there were entries for the range you specified. There is only one way to delete entries from the database, and that is by individually clicking on the delete icon in the workouts list as the owner of the log. I checked the server log and at around 4:43 PM EST yesterday, these workouts were deleted. I cannot determine who deleted them by the IP address in the server log, but the machine belongs to the smoothstone.net domain. Does that ring a bell? The server only allows the owner of the log to delete records. Therefore, whoever that deleted them must have direct access to your log. You need to think back around 4:43 yesterday. The obvious possibility is that you were using a public computer and forgot to log out. There are other explanations but the RA server is not the blame. I can help you reconstruct some of your missing data if you like. Drop me an email and we'll go from there. eric :-)

so, ultimately, I can recreate but it is alarming nonetheless...

As far as I know, in the two years I've been using this log, this has never happened to any of the now thousands of users. Personally I find it alarming that you seem unwilling to admit the blitheringly obvious: that the most likely "security issue" was you or someone else using your login. Can't you use your superpowers to track down the culprit?

I see two possibilities here: 1. It looks to me like delete requests are made via GET, not POST. If this is true, there are some browser extensions that might be prefetching all the links on a page and inadvertently triggering deletions. You have the requests protected by Javascript confirmation, but it's still conceivable that some browser or extension would ignore that. It's actually a violation of the HTTP standard to have any GET request cause a state change. 2. As for security, it's quite likely that RunningAhead's cookies can be sidejacked, which is particularly easy on wireless networks. This is a widespread problem that effects many sites, including Hotmail for example. The only reliable solution is to run the whole site over SSL (an expensive proposition in terms of server load), or as a user to always use a VPN to safely tunnel traffic through the wireless network. For such an attack to work, somebody has to actively be sniffing traffic within wireless range of you while you're using Runningahead. jgordon, have you pissed off any computer-savvy coworkers? ;-)

I am on a wireless network about a block from MIT so who knows?

I am on a wireless network about a block from MIT so who knows?

More importantly, do you like monkeys?