

New Concert Hall server problems?

Discuss and share submissions to the Contrebombarde website.

Moderator: dwood

Re: New Concert Hall server problems?

Postby Hoofdwerk » Mon Dec 14, 2015 1:14 pm

johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.


A SQL query syntax error like that one does not crash the server. It merely generates an error message, and the server goes on its merry way. So there is not an opportunity to elevate privilege or run malicious code based on such a common error.

A skilled hacker would have many other, better routes to exploit than this...
Hoofdwerk
Member
 
Posts: 127
Joined: Thu Jan 20, 2011 5:21 pm
Location: Portland, Oregon, USA

Re: New Concert Hall server problems?

Postby sonar11 » Mon Dec 14, 2015 1:42 pm

I've had great results with Amazon cloud servers? Not sure what the costs on that would be though since I never saw the bills; but excellent stability and you can customize for whatever resources you need the most.

There is also a co-location hosting provider in downtown Toronto that quoted me $99/month for a 1U rack server, 1 amp power supply. You pay a little more upfront since you need to come with your own hardware, but a cheap AMD 16 core server can be had for a thousand or two last time I built one.

In case any of that helps... Nothing like putting out a fire with everyone suggesting "helpful" ideas :)
sonar11
Member
 
Posts: 577
Joined: Thu May 14, 2009 4:03 pm

Re: New Concert Hall server problems?

Postby gerrit » Mon Dec 14, 2015 2:01 pm

Hoofdwerk wrote:
johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.


A SQL query syntax error like that one does not crash the server.

No, but the fact that a ' results in an error means that a ' is not properly escaped. A hacker can use that to insert malicious SQL commands, like deleting the whole database completely.
Gerrit Veldman

Free sheet music available at my website.
gerrit
Member
 
Posts: 118
Joined: Thu Sep 17, 2009 4:29 am
Location: Netherlands

Re: New Concert Hall server problems?

Postby sonar11 » Mon Dec 14, 2015 2:34 pm

gerrit wrote:
Hoofdwerk wrote:
johnh wrote: A skilled hacker could exploit that. Probably best not to publicize it.


A SQL query syntax error like that one does not crash the server.

No, but the fact that a ' results in an error means that a ' is not properly escaped. A hacker can use that to insert malicious SQL commands, like deleting the whole database completely.


That's what "prepared statements" are for :)
sonar11
Member
 
Posts: 577
Joined: Thu May 14, 2009 4:03 pm
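
Added example (not part of any post in this thread, and not the Concert Hall site's code): the unescaped-quote error and the prepared-statement fix discussed above, side by side. The `uploads` table, its columns, the function names and the sample titles are hypothetical, and SQLite stands in for whatever database the site actually uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE uploads (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO uploads (title) VALUES (?)",
                   [("Toccata in F",), ("L'Orgue Mystique",), ("Prelude",)])
    return db

def search_concatenated(db, term):
    # 'Before' form: user input is pasted into the SQL text, so a quote in
    # the input ends the string literal and changes the statement's syntax.
    sql = "SELECT title FROM uploads WHERE title = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_prepared(db, term):
    # Prepared statement: the SQL text is fixed and the input is bound as a
    # value, so it is never parsed as SQL.
    sql = "SELECT title FROM uploads WHERE title = ?"
    return [row[0] for row in db.execute(sql, (term,))]

def probe(db, term):
    """Return (concatenated_result, prepared_result); errors as strings."""
    try:
        concat = search_concatenated(db, term)
    except sqlite3.OperationalError as exc:
        concat = "SQL error: " + str(exc)
    return concat, search_prepared(db, term)

if __name__ == "__main__":
    db = make_db()
    # An ordinary title containing an apostrophe is enough to show the flaw.
    for term in ["Prelude", "L'Orgue Mystique"]:
        print(term, "->", probe(db, term))
```

A legitimate title with an apostrophe breaks the concatenated query but is found by the prepared one, which is why a quote-triggered syntax error is a reliable sign that input is reaching the SQL text unbound.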

Re: New Concert Hall server problems?

Postby dwood » Mon Dec 14, 2015 3:09 pm

Thanks for the suggestions.

The fire is out though (as far as we know) for the foreseeable future. No need to panic unless you've discovered some issues since we got to the office this morning.

Darryl
dwood
Moderator
 
Posts: 491
Joined: Fri Oct 20, 2006 3:57 pm
Location: Toronto, Canada

Re: New Concert Hall server problems?

Postby OAM » Thu Dec 24, 2015 1:53 pm

There seems to be a problem with the (Riepp) play list(s).
It contains 19 pieces but actually doesn't show any one?
Prof. Helmut Maier
OrganArt Media Sound Engineering
D-72827 Wannweil/Germany
http://www.organartmedia.com
OAM
Member
 
Posts: 516
Joined: Tue Mar 18, 2003 5:08 pm
Location: Germany
