in reply to Re^6: Everything2 github repository and being of value to perlmonks (security of obscurity)
in thread Everything2 github repository and being of value to perlmonks

That all sounds good.

Yes, I meant everything.errlog, but I was talking about trolling for something more specific. Long, long ago when I implemented a whitelist of DB columns that can be automatically modified because I find the blacklist approach hopelessly prone to security problems, I didn't actually switch to the whitelist code. But I did make it log whenever something was set via that mechanism so I could later use the log to find things that should be whitelisted (or be set by specific code instead) so switching to the whitelist would not break some important but infrequently used feature.

- tye        
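The log-first rollout described in the post above, as an added Perl sketch that is not part of the post and not PerlMonks or Everything2 code. Every table, column, variable and function name is hypothetical, and the `%seen` hash stands in for the error log.

```perl
use strict;
use warnings;

# All names are hypothetical; this is not PerlMonks or Everything2 code.
my %DENY  = map { $_ => 1 } qw(user.passwd);                # legacy blacklist
my %ALLOW = map { $_ => 1 } qw(user.realname user.email);   # new whitelist
my $ENFORCE = 0;   # 0 = log-only rollout phase, 1 = whitelist enforced
my %seen;          # stands in for the error log: "table.column" => hits

# Copy request-supplied fields into $row (hashref for one row of $table).
# Returns the columns actually written.
sub apply_auto_fields {
    my ($table, $row, $params) = @_;
    my @written;
    for my $col (sort keys %$params) {
        # Column names end up as SQL identifiers; skip anything unusual.
        next unless $col =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
        my $key = "$table.$col";
        next if $DENY{$key};               # old behaviour, kept during rollout
        if (!$ALLOW{$key}) {
            $seen{$key}++;                 # candidate for review
            warn sprintf "auto-set of %s not on whitelist (%s)\n",
                $key, $ENFORCE ? 'blocked' : 'log-only, still applied';
            next if $ENFORCE;
        }
        $row->{$col} = $params->{$col};
        push @written, $col;
    }
    return @written;
}

# Constructed request: an allowed field, a rarely used legitimate field the
# whitelist author forgot, a field the blacklist never covered, and a denied one.
my %request = (realname => 'A. Monk', timezone => 'UTC',
               karma => 9999, passwd => 'x');

for my $mode (0, 1) {
    $ENFORCE = $mode;
    my %row = (realname => 'old', timezone => 'EST', karma => 1, passwd => 'h');
    my @written = apply_auto_fields('user', \%row, \%request);
    printf "enforce=%d wrote: %s\n", $mode, join(', ', @written);
}

# Review step before flipping $ENFORCE: each logged column is either added
# to %ALLOW or given its own dedicated update code.
print "review: $_ ($seen{$_} hits)\n" for sort keys %seen;
```

In log-only mode the constructed `karma` field still gets written because the blacklist never listed it, and the review output is what surfaces both it and the forgotten `timezone` column before enforcement is switched on.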


Re^8: Everything2 github repository and being of value to perlmonks (security of obscurity)
by JayBonci (Curate) on Mar 08, 2012 at 03:10 UTC

    Cool. A few questions for you then:

    • Do you already have an existing GitHub account?
    • Who do you envision having access to this code in the beginning?
    • Do you want to get me the code, or put it in yourself once everything is created? If so, you can email me the tarball of Everything*
    • Would you trust me with a schema-only mysqldump (including procedures, if any) of the DB so I can make sure the tool looks right?
    • I assume you are on a semi-modern MySQL, but if you wouldn't mind letting me know the version privately, that'd be great.
    With those two things we can morph ecoretool a bit so that we can get a sanitized XML dump into source control and work from there, and once you guys are caught up a bit, we can discuss how to make mutual, sane changes to go forward with both sites.


        --jaybonci