[kwlug-disc] KWLUG error and security issue

Raul Suarez rarsa at yahoo.com
Tue Mar 2 23:56:56 EST 2010


It wasn't the verbosity of the errors, it was the information displayed on the error.

The site can show an explicit error that does not show the underlying database structure of the site or other exploitable information.

Raul Suarez

Technology consultant
Software, Hardware and Practices
_________________
http://rarsa.blogspot.com/ 
An eclectic collection of random thoughts


--- On Tue, 3/2/10, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:

> From: Paul Nijjar <paul_nijjar at yahoo.ca>
> Subject: Re: [kwlug-disc] KWLUG error and security issue
> To: "KWLUG discussion" <kwlug-disc at kwlug.org>
> Received: Tuesday, March 2, 2010, 7:55 PM
> On Tue, Mar 02, 2010 at 10:35:12AM -0500, Khalid Baheyeldin wrote:
> > Paul or someone with ssh access. Do this:
> > 
> > # mysql dbname
> > mysql > repair table accesslog;
> > 
> > That should fix this problem.
> 
> I assume this output is okay?
> 
> mysql> repair table accesslog;
> +---------------------------+--------+----------+------------------------------$
> | Table                     | Op     | Msg_type | Msg_text                     $ |
> +---------------------------+--------+----------+------------------------------$
> | db.accesslog | repair | warning  | Number of rows changed from 500179 to 500184 |
> | db.accesslog | repair | status   | OK                           $ |
> +---------------------------+--------+----------+------------------------------$
> 2 rows in set (41.84 sec)
> 
> Stupid question time: if errors are not verbose, then how will we know
> that they are happening? I log into the site about once a month. If I
> bother to look at
> 
> http://kwlug.org/admin/logs/watchdog
> 
> then I see the errors, but unless the site admins can somehow get notified
> when these bad things happen it's almost better if users see the errors
> and report them, no? Many eyes make shallow bugs and all that?
> 
> - Paul
> 
> 
> -- 
> http://pnijjar.freeshell.org
> 
> 
> 


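The two points raised in this thread (an error page that reveals no database detail, and admins still finding out that errors occur) can be combined, as in this added example, which is not part of the original messages or the site's code. The names `AdminNotifier`, `handle_request` and `crashed_table_view` are hypothetical, and the error text is a constructed sample.

```python
import logging
import time
import uuid

log = logging.getLogger("site.errors")  # full detail goes here, never to the browser


class AdminNotifier(logging.Handler):
    """Queue one alert per distinct error per `window` seconds (stand-in for mail).
    A damaged table fails on every page view; unthrottled alerts would flood admins.
    """

    def __init__(self, window=3600, clock=time.time):
        super().__init__(level=logging.ERROR)
        self.window, self.clock = window, clock
        self.last_sent = {}  # error signature -> time of the last alert
        self.outbox = []     # alerts that would be delivered to the admins

    def emit(self, record):
        signature = getattr(record, "signature", record.getMessage())
        now = self.clock()
        if now - self.last_sent.get(signature, float("-inf")) >= self.window:
            self.last_sent[signature] = now
            self.outbox.append(self.format(record))


def handle_request(path, view):
    """Run a page view; on failure return a generic page with a reference id."""
    try:
        return 200, view()
    except Exception as exc:
        ref = uuid.uuid4().hex[:8]  # lets a visitor's report be matched to the log
        log.error("ref=%s path=%s error=%s", ref, path, exc,
                  extra={"signature": f"{type(exc).__name__}:{exc}"})
        return 500, ("The site encountered an unexpected error. "
                     f"Please quote reference {ref} if you report it.")


def crashed_table_view():
    # Constructed sample failure, modelled on a damaged accesslog table.
    raise RuntimeError("Table 'accesslog' is marked as crashed and should be repaired")


if __name__ == "__main__":
    notifier = AdminNotifier()
    log.addHandler(notifier)
    for _ in range(3):
        print(handle_request("/node/1", crashed_table_view))
    print(notifier.outbox)  # one alert, carrying the table name, for three failures
```
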



