The Resistance: 2 The Enemy: 0
After some more (final) work on the picture display script (the bandwidth reducer problem-fixer), I’ve added a (minor) security fix and logging support, as well as general ‘niceness’ and refactored look to the script itself. This was done late last week (Friday, 9 May).
The security fix had to do with adding ‘relative paths’ to an image query. I considered the fix pretty minor as Apache won’t serve anything outside of its document tree structure, so getting to system files wouldn’t work in the first place. However, it would still be possible to get to files ‘below’ the image directory level specified in the script’s configuration by using relative paths (e.g. ../../file.name). This erratum has been fixed, and all preceding ../ bits are removed prior to execution. There is a possibility of another security issue arising which I hope to verify and possibly fix tomorrow. But here again, this would be minor as the script won’t actually give you anything unless the referral is correct, so one would have to be somewhat creative to exploit…and still would only be able to gain access to (potentially) other stuff I have out in the web tree.
I also added logging support in a ‘standard’ format that I find easy to read (and scan). In my logfile monitoring days, the one thing I’ve noticed is that it can be difficult to notice irregularities in pattern, so I developed my logfile system for the script to make it easy for me to read. This tells me when people have been trying to gain access to files from bad referrals. I have some other ideas for logfile enhancements which I might also implement…which would potentially be configurable.
Done and graduated!
It’s official, I’m done with school. Finally.
That’s all I’ve to say about that.
In other news…
I’ve got parts on order for my new server box (network cards and mice) and server system (new UPS unit specifically for them). I decided to order a few (cheaper) 10/100 Ethernet cards, just for speed. The network topology will change somewhat, and the current router/server box will eventually become a dedicated backup server. I’m going to upgrade the current 10bT cards with a single 10/100 card (it will only need one in its new location, as it won’t be a bridge between networks anymore). This will increase speed on the localnet side, good for backup purposes.
The new server box will have a combination of one of the older 10bT cards (for the external connection via DSL modem, since that only supports 10bT max.) and 10/100 for the localnet, providing extra speed with data transfer…since both of our primary machines have 10/100 cards already. I’ve had an auto-sensing 10/100 hub for several years now…and it’s good to actually foresee it getting used more than it has (on the 100 side that is).
I also ordered two new mice. One will go to Beth, the other will go to the new server box. Beth’s old mouse will go to the old server box.
Finally, I ordered a new UPS unit specifically for the servers and network back-end. With the addition of another server box, all of my existing battery/UPS protection wasn’t enough. So, I decided to purchase a UPS for them. Both servers and the hub will run off of it. This frees up the existing (smaller) batteries to be used explicitly for workstations and printers. Sounds like a plan to me.
And I also hope to get up a Matt’s Software page in the not-so-near future. This will outline things I’ve developed myself or as a group… But more about that later… 
This post was upgraded to the MZ Online Blog on 8/20/07