| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Comments:
<0> rhowe: if you guys need a real webapp developer at some point, give us a call :) Cuz those guys sound like clowns
<1> siglite: These guys write the accounting system the entire *group* uses
<1> siglite: This is their web-based timesheets application
<0> ugh
<1> hm, the logo for Birmingham International Airport
<1> One of their other clients, I presume
<1> hm, I can download a "vssver.scc" file from each directory. I'm ***uming that's some state information used by Visual SourceSafe
<0> it is
<0> I don't remember getting anything of any real value from those files though.
<0> it's been a while since I nabbed one.
<1> ahaha
<1> siglite: Nah, there wasn't really anything inside them
<1> siglite: This has the license info for all the custom controls they use
<2> howdy boys.
<0> lol
<1> Infragistics.WebUI.WebDataInput.WebDateTimeEdit, Infragistics.WebUI.WebDataInput.v1.1, Version=1.1.20042.1069, Culture=neutral, PublicKeyToken=[$string]
<1> etc etc
<0> whoa
<0> they have the database schema in the webroot?
<0> D-side: hey
<1> siglite: Uh, yeah
<1> <Field TableName="TS_SR_SETUP_HEAD">
<1> <Description>Request Type</Description>
<1> <DBField>SRSH_NAME</DBField></Field>
<1> That kind of stuff
<0> break out the extra spikey lart
<1> siglite: Schema mapping to whatever the ASP code uses, I guess
<0> do damage to craniums.
<3> I ****ing hate that!1!1! if you sell different cards why not support it in linux as well.. it comes with windows software and such so why not for linux? ARGH
<4> yoz: eh
<1> Bingo! ASP source code
<1> <%
<1> Response.Expires = 0
<1> ... etc etc
<3> K_F: :( speaking of my HSDPA card.
<4> figured as much
<0> dbconn.Open("ODBCname,user,p***")
<4> but you're primarily using it on windows in the first place, aren't you?
<3> K_F: well yeah.. but would be nice to be able to use in linux as well.
<1> siglite: Fortunately, all that stuff seems protected
<1> siglite: I'm sure the ASP files can be tricked into telling you though, with the right request parameters
<0> rhowe: yeah
<1> siglite: Not that you'd have needed that before I started here.. the SQL Server 2k box was "sa" and "" :)
<0> LOL
<1> and...
<1> IT BROKE APPLICATIONS
<0> you'd be suprised how often we run into that both on the developer and security side of our company
<0> good lord, applications were logging in as sa with no p***word. Beautiful.
<1> These guys (same company) had provided us with an application which logged into the database using a hardcoded login of "sa" and a blank p***word
<1> siglite: That wasn't configurable, either. That was in the code.
<5> Revenger: you alive?
<6> siglite: lots of proggies cant *have* a p***word set - they have no way of telling them not to use sa/none
<1> siglite: Even worse... the application asked for login details when you ran it, and used those credentials for everything, except... an embedded Crystal Report...
<6> siglite: all you can do is bind the port to 127.0.0.1 so nobody else can see it, and cross your fingers
<0> rhowe: that's terrible
<1> siglite: And the fix?
<0> buy a new version?
<1> siglite: Hardcode a *different* username and p***word into the application
<0> LOL
<1> siglite: So, we now have an account on SQL Server just so that this application can run its embedded report
<0> they coulda at least made it a registry hack or something
<1> siglite: And the p***word can't be changed without recompiling the app
<1> SCC = This is a Source Code Control file
<1> [FocalPoint.vbproj]
<1> SCC_Aux_Path = "\\hippo\vss\"
<1> SCC_Project_Name = "$/focalpoint", ICBAAAAA
<1> ooh, pretty
<0> that's pathetic. Not all that uncommon, bt pathetic nonetheless
<1> (hippo is not a server of ours - must be theirs)
<6> embedded report isn't a .rpt file in the same dir as the exe then?
<1> DaveHowe: It is, but I guess they supply the username & p***word when they call Crystal
<1> siglite: haha, there's a "versions.txt" in the webroot.. a changelog.. it's ... empty
<1> siglite: Has "12/12/2005 3.0.50 ", and that's it
<0> yeah, crystal's normally configured that way. The report prompts for login/p***
<1> hm, shame they protected the 'bin' directory.. there's lots of interesting files there
<0> by the end of the day, I will have shuttled 150 gigs around the lan today.
<1> siglite: We could do with shifting a couple hundred gig across the SAN, but at 10Mbyte/s, it'll take a while :)
<1> siglite: hm.. make that ~400G
<0> shifting it around the san's no big deal
<0> but I have to move this **** over the lan
<1> siglite: 10Mbyte/s
<1> siglite: Our SAN is slow as ****
<7> rhowe: dont get him started on SANs please. :(
<0> ours kicks ***.
<1> kosmo: heh
<1> siglite: Ours is 5 years old
<0> it's san->lan->workstation or the reverse
<0> I keep waiting on the lan guys to come in here bitching about me pegging trunks
<8> how the hell do I redirect the output of time ?
<0> >
<6> start with a black hole....
<9> DaveHowe: heh
<10> bwhahaha
<11> I'm new to linux, can someone help me with installing the wireless drivers for my wireless card in my laptop?
<12> Mkaster: start by checking up on the documentation.
<3> hah
<3> need some food. /me runs off a second
<13> guess yoz will have mashed potatos for lunch tomorrow
<3> speaking of food.
<3> tojoe: btw $employer didn't respond to my email.
<13> hmm, weird
<3> *shrug*
<13> ah well, maybe i have something better in a few weeks
<11> I have a Standard Intel Wireless 2200 WLAN (802.11b/g) Mini-PCI, Wi-Fi compatible
<3> tojoe: at phorus?
<13> yeah, depends on a few uncertain things though
<3> tojoe: *nod* lemme know anyways.
<13> like.. uhm.. /m egetting a new job :p
<3> tojoe: I see..
<3> tojoe: did you apply for it yet
<13> yep
<3> tojoe: ah I see..
<3> anyway.. bbl.
<3> *burp*
<14> hello I need helpo
<3> hello you donto geto helpo thato wayo
<14> I've installed identd, but I can't run it.. whats the command to run it on centos?
<9> uhhh, ./identd
<15> har
<16> uuhuh.
<17> como puedo encriptar un p***word en una shell?
<16> sirious: english, or #linuxlatino
<17> thaks
<16> sirious: crypt is what you're looking for.
<17> whyzzyrd i do not understand much the english
<16> sirious: I noticed, but I do not understand much the spanish, hence sending you to #linuxlatino.
<17> thaks xD
<18> setting up security on a linux box for the first time. there any good tutorials on a good security configuration?
<9> NineVolt: sit still
<16> reptizzle: I don't know of one, but a good start is don't run anything you don't need.
<18> such as? basically, I've got some developers I want to give access to website files... everything else on the system i want to be off to them. whats the best way to do that?
<16> reptizzle: work out who needs access to which service yo do choose to provide, and then firewall it from anyone else.
<16> groups are one way to accomplish this.
<18> k
<16> reptizzle: but it requires a good working knowledge of unix permissions.
<18> ya.. thats what i figured... and also lack.
<16> reptizzle: there's also the possibility of chroot jails, but then also need a good idea of what you're doing.
<18> k..
<16> reptizzle: how much do you distrust the developers?
<18> heh... thats a funny question..
<18> alot?
<16> reptizzle: then replicate the files on a test machine, and migrate them to the productiuon box yourself, when you're happy.
<18> all i want them to be able to do is read, write and execute files in only one directory. everything else should be off limits
Return to
#linux
or
Go to some related
logs:
#AllNiteCafe
#AllNiteCafe
draw circle c++ console *
NT_STATUS_NETWORK_ACCESS_DENIED
shannon fano in c++
#c
#networking
#linux
#asm
#php
|
|