Tim's Blog
Tim
Changes, changes, all the time changes. So many changes you'd think this is all I did.... Oh wait...

So I've made yet another release of this "wonderful" site. I've fixed a number of unexpected features (read: bugs). I've also added a few new features, and fixed one very large flaw that I'm glad was not exploited.

Some of the new features are things like the ability to archive your collections and articles to help de-clutter the listings. Of course, by doing this near the beginning of the changes I implemented them in a way that clutters the screen even more. Bummer. But in doing this I've thought of a new way that is similar to the way Facebook does it: if you have access, it pops up when you hover over it. So look for this in the next release.

I've also added an Extra: a breakdown of each user's galleries. This is similar to the Authors list on the side, but all users by default have the ability to create collections and galleries. This allows the Authors list to stay small and relevant and the Galleries by member list to be as large as all of the users on the site.

The major flaw that was fixed was actually in the Authors list. The flaw was so big and easy to find that it's a wonder a crawler didn't hit it, or one of the stupid spammers that have been taking a toll on my site. The flaw allowed an SQL Injection attack if one were to enter the correct URL. The URL given by the list was ...../Authors/XXX. Anyone with half a brain, and the desire to destroy things and cause chaos, would have only needed to do this: ...../Authors/XXX';Drop Table Users ;--

Of course this would drop the Users table from my database. Which actually I would not have minded, seeing as it's an empty table and I need to get rid of it anyway. This has of course been corrected. The solution came about when I was implementing the Galleries by user list.
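As an added illustration (not code from the site itself), the two paragraphs above describe the classic pattern: the author name from the URL is concatenated into the SQL text, so the path segment XXX';Drop Table Users ;-- becomes a second statement. The example below contrasts that with a parameterized query; the Authors/Users schema is constructed for the demo, and sqlite3's executescript stands in for a database driver that accepts stacked statements.

```python
import sqlite3


def make_db():
    # Constructed sample schema: an Authors list and the (empty) Users table from the post.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Authors (Name TEXT, Articles INTEGER);
        INSERT INTO Authors VALUES ('Tim', 12), ('XXX', 3);
        CREATE TABLE Users (Id INTEGER);
    """)
    return conn


def lookup_author_vulnerable(conn, name):
    # The broken pattern: the URL segment is pasted straight into the SQL text.
    # executescript models a driver that runs every statement in the string,
    # so the attacker-controlled quote and semicolon change the query's meaning.
    sql = "SELECT Articles FROM Authors WHERE Name = '" + name + "';"
    conn.executescript(sql)
    return sql


def lookup_author_fixed(conn, name):
    # The fix: a bound parameter. The value travels separately from the SQL text,
    # so quotes and semicolons inside it are data, never syntax.
    row = conn.execute(
        "SELECT Articles FROM Authors WHERE Name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def table_exists(conn, table):
    return conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone() is not None


def demo():
    payload = "XXX';Drop Table Users ;--"  # the path segment quoted in the post
    vuln = make_db()
    lookup_author_vulnerable(vuln, payload)      # Users table is gone afterwards
    fixed = make_db()
    injected = lookup_author_fixed(fixed, payload)  # no author has that literal name
    return (table_exists(vuln, "Users"), table_exists(fixed, "Users"),
            injected, lookup_author_fixed(fixed, "XXX"))
```

Running demo() shows the vulnerable path losing the Users table while the parameterized path keeps it and simply finds no author with the injected name.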

With this release I've also further tightened down the denial of the spammers. In the last release I started doing this using a specific UserAgent string, but of course this was futile and not well implemented. I've since changed the string. This may, however, prevent AOL users from browsing the site. Of course there is a workaround: use IE or Firefox.

I also fixed a few other bugs around the site and started implementing what is needed for Slide Shows. I just need to finish all the nuts and bolts to make them work. The Slide Show check box will remain disabled until I'm able to finish it.

Hope the changes are well received.

Posted by Tim on Sep 18 2008 3:37PM
Filed under:
Web