
test please delete

This is a sticky topic.

    That would allow me to run a script which could dump the database as SQL, then upload it to the server and run it against the database there - poor man's DB replication

    After all, every website should expose an interface that allows anybody in the world to execute arbitrary SQL against the database

    Usually you have to use SQL injection, but in this case you'd be able to just post anything you wanted to http://www.nickfitz.co.uk/database/ and have it run

    Comment


      Originally posted by NickFitz View Post
      My Facebook app is online again now that I've started mysqld on the laptop.

      I ought to get the PowerMac fired up for use as a staging server. Then it could automatically deploy the latest version of the app once it passes QA.

      QA consists of me deciding that "That probably ought to work."
      Sounds like your typical facebook app
      "Is someone you don't like allowed to say something you don't like? If that is the case then we have free speech."- Elon Musk

      Comment


        Originally posted by NickFitz View Post
        I can't remember if I'm running the same version of mySQL as my ISP.

        It makes things a lot easier, given that they haven't upgraded in years
        First rule of mysql is upgrading it will break it.

        I hate databases. I get to play with a Teradata server. Ran the wrong query on a database with 800 million records (sales data).

        Was running a perl script that outputted to CSV. Didn't realise it was wrong till it was 35 mins into the query when I checked on it and found an SQL error.

        Was too busy posting on TPD and flirting with CM to notice

        Comment


          The guy who created PHP gave us a talk about web site security during that developer summit at ClientCorp - oops, I mean ExClientCorp, or OldClientCorp or something - anyway, as I was saying, that guy gave us a talk about security the other week.

          He has a tool which tries all the usual tricks, and a few the bad guys haven't worked out yet, with heavy fuzzing to boot... it took about 3 seconds to find a dozen holes in the site he pointed it at.

          He then asked if anybody would like him to run it against a particular domain.

          I suggested http://www.mi5.gov.uk/ but he declined

          Comment


            Originally posted by Jog On View Post
            I don’t think I did after the party – did I?
            #52825





            Well done!
            Drivelling in TPD is not a mental health issue. We're just community blogging, that's all.

            Xenophon said: "CUK Geek of the Week". A gingerjedi certified "Elitist Tw@t". Posting rated @ 5 lard points

            Comment


              My app, as well as showing what it's supposed to show (which at the moment is just the words "Test 5") also returns the HTTP Request headers.

              That's a potential XSS scenario right there.

              Hmmm... I might fire up an HTTP debugging proxy and test a little theory of mine...

              Comment
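The header-echo risk mentioned in the post above, as an added example that is not part of the original thread: a debug page that reflects request headers into HTML, shown beside an escaped version and a plain-text alternative. The function names and the sample headers are constructed for illustration and say nothing about how the poster's app is actually written.

```python
import html

# Constructed request headers: the client controls every name and value.
SAMPLE_HEADERS = [
    ("Host", "app.example.test"),
    ("User-Agent", "<script>alert(1)</script>"),
    ("X-Note", "\"><img src=x onerror=alert(2)>"),
]


def render_headers_unsafe(headers):
    """Echo headers straight into HTML: the pattern the post describes."""
    rows = "".join(f"<tr><td>{n}</td><td>{v}</td></tr>" for n, v in headers)
    return f"<table>{rows}</table>"


def render_headers_escaped(headers):
    """Same page, with names and values HTML-escaped before output."""
    rows = "".join(
        f"<tr><td>{html.escape(n, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for n, v in headers
    )
    return f"<table>{rows}</table>"


def debug_response_plain(headers):
    """Alternative: serve the dump as plain text so nothing is parsed as HTML."""
    body = "\n".join(f"{n}: {v}" for n, v in headers)
    response_headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Content-Type-Options": "nosniff",  # stop browsers sniffing it as HTML
    }
    return response_headers, body


def contains_live_markup(page):
    """Crude check: did any client-supplied tag survive into the page?"""
    lowered = page.lower()
    return "<script" in lowered or "<img" in lowered


if __name__ == "__main__":
    print(contains_live_markup(render_headers_unsafe(SAMPLE_HEADERS)))
    print(contains_live_markup(render_headers_escaped(SAMPLE_HEADERS)))
```
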


                Originally posted by DS23 View Post
                was that...?
                #52925





                Well done!

                Comment


                  Originally posted by Jog On View Post
                  Sounds like your typical facebook app
                  Indeed; the bar isn't set very high...

                  Comment


                    Evening BI

                    What's going to happen when one of your palindrome celebrations is, itself, a palindrome? Will the universe implode?

                    Comment


                      Originally posted by ferret View Post
                      And I bet neither of them do oral...
                      Ooh, it's ferret! I feel like I've been caught reading a dirty magazine behind the bike sheds by a teacher.

                      Comment
