

New Concert Hall server problems?

Discuss and share submissions to the Contrebombarde website.
Hoofdwerk

Member

  • Posts: 145
  • Joined: Thu Jan 20, 2011 4:21 pm
  • Location: Portland, Oregon, USA

Re: New Concert Hall server problems?

Posted: Mon Dec 14, 2015 12:14 pm

johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.


A SQL query syntax error like that one does not crash the server. It merely generates an error message, and the server goes on its merry way. So there is not an opportunity to elevate privilege or run malicious code based on such a common error.

A skilled hacker would have many other, better routes to exploit than this...

sonar11

Member

  • Posts: 740
  • Joined: Thu May 14, 2009 3:03 pm

Re: New Concert Hall server problems?

Posted: Mon Dec 14, 2015 12:42 pm

I've had great results with Amazon cloud servers? Not sure what the costs on that would be though since I never saw the bills; but excellent stability and you can customize for whatever resources you need the most.

There is also a co-location hosting provider in downtown Toronto that quoted me $99/month for a 1U rack server, 1 amp power supply. You pay a little more upfront since you need to come with your own hardware, but a cheap AMD 16 core server can be had for a thousand or two last time I built one.

In case any of that helps... Nothing like putting out a fire with everyone suggesting "helpful" ideas :)

gerrit

Member

  • Posts: 127
  • Joined: Thu Sep 17, 2009 3:29 am
  • Location: Netherlands

Re: New Concert Hall server problems?

Posted: Mon Dec 14, 2015 1:01 pm

Hoofdwerk wrote:
    johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.

    A SQL query syntax error like that one does not crash the server.

No, but the fact that a ' results in an error means that a ' is not properly escaped. A hacker can use that to insert malicious SQL commands, like deleting the whole database completely.
Gerrit Veldman

Free sheet music available at my website.

sonar11

Member

  • Posts: 740
  • Joined: Thu May 14, 2009 3:03 pm

Re: New Concert Hall server problems?

Posted: Mon Dec 14, 2015 1:34 pm

gerrit wrote:
    Hoofdwerk wrote:
        johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.

        A SQL query syntax error like that one does not crash the server.

    No, but the fact that a ' results in an error means that a ' is not properly escaped. A hacker can use that to insert malicious SQL commands, like deleting the whole database completely.


That's what "prepared statements" are for :)
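
The point made in the two posts above, as an added example that is not part of the thread and not the Concert Hall site's own code: the same input run through a string-concatenated query and through a prepared (parameterized) query. It assumes Python's built-in sqlite3 module and a hypothetical `uploads` table filled with constructed sample rows.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database; the table and
    # column names are hypothetical, not taken from the real site.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE uploads (id INTEGER PRIMARY KEY, organ TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO uploads (organ, title) VALUES (?, ?)",
        [("Riepp", "Toccata"), ("Riepp", "Fugue"), ("St. Anne's", "Prelude")],
    )
    return db

def search_concat(db, organ):
    # Weak form: the user's text is pasted into the SQL string, so a '
    # inside it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title FROM uploads WHERE organ = '" + organ + "'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, organ):
    # Prepared form: the statement is fixed and the text is bound as a
    # value, so it can never change the structure of the query.
    sql = "SELECT title FROM uploads WHERE organ = ?"
    return [row[0] for row in db.execute(sql, (organ,))]

def compare(db, organ):
    """Run both forms on one input; return the rows or the error for each."""
    out = {}
    for name, fn in (("concat", search_concat), ("bound", search_bound)):
        try:
            out[name] = fn(db, organ)
        except sqlite3.Error as exc:
            out[name] = "error: " + type(exc).__name__
    return out

if __name__ == "__main__":
    db = make_db()
    # 1) plain name, 2) a legitimate name containing ', 3) text that
    # rewrites the WHERE clause when it is concatenated.
    for text in ("Riepp", "St. Anne's", "x' OR '1'='1"):
        print(repr(text), compare(db, text))
```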

dwood

Member

  • Posts: 492
  • Joined: Fri Oct 20, 2006 2:57 pm
  • Location: Toronto, Canada

Re: New Concert Hall server problems?

Posted: Mon Dec 14, 2015 2:09 pm

Thanks for the suggestions.

The fire is out though (as far as we know) for the foreseeable future. No need to panic unless you've discovered some issues since we got to the office this morning.

Darryl

OAM

Member

  • Posts: 591
  • Joined: Tue Mar 18, 2003 4:08 pm
  • Location: Germany

Re: New Concert Hall server problems?

Posted: Thu Dec 24, 2015 12:53 pm

There seems to be a problem with the (Riepp) play list(s).
It contains 19 pieces but actually doesn't show any one?
Prof. Helmut Maier
OrganArt Media Sound Engineering
D-88662 Überlingen/Lake Constance
http://www.organartmedia.com