10-23-2003, 05:45 PM
testuser
Registered User
 
Join Date: Sep 2003
Posts: 95
Whoa, and I just wanted to find out what was going on with the Vancouver dinner.

Just took a look at the two scripts. Got to say that it looks different on the surface, but there are lots of similarities in there to say it's a "complete rewrite". Ver. 2 looks different, but I'm wondering how close Ver. 1 was to ttt.

For instance, you could tell people to write a function, and people would write functions completely differently. It's just the way people think. Most people who do any coding at all just hate looking at other people's code just because it's hard to understand.

Looking at the in.php files. Take away the IP logging and the security checking, you're looking pretty much at ttt. Usually, people aren't allowed to look at ANY code at all if they're going to rewrite something. Maybe the API if that much. If you can say, this sort of looks like something else, generally, there's a problem.

Random notes on CJ:
And on the security checking, didn't they forget to parse for quotations in the referrer if they're really looking for SQL security problems? Why are they checking the string length of the referrer (line 71 in.php)? This isn't C where there's a buffer to worry about. Also, in MySQL tables, it cuts off the entry at the column length anyway on inserts, etc. Selects and compares would stop at the first non-matching char, so that would be max 255 anyway. What overflow does this protect against? I just don't see it. That, and the entire algorithm is a bit slower, too. Go figure. Stuff like this really just makes you wonder.

About using the "rewritten script":
If someone stole stuff I wrote, needless to say I wouldn't be happy. The whole blacklisting thing seems a little extreme, but whatever. It seems like the people that know about the "rewritten script" don't seem to care about being blacklisted, while the people that don't know about it, don't care either. Of course, it wouldn't really hurt to inform them before blacklisting them, but then again, it's not really any of my business.

Just my 2 cents.
__________________
ICQ: 273796889
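The referrer check questioned in the post above, as an added example that is not part of the original post or of either script: a length check alone does not stop a quote character in the referrer from changing the SQL text, while a bound parameter does. It assumes Python with the built-in sqlite3 module standing in for the PHP/MySQL script; the table, column and function names and the sample referrers are hypothetical.

```python
import sqlite3

MAX_REFERRER_LEN = 255  # assumed limit, matching the 255 figure the post mentions


def make_db():
    """In-memory database with a hypothetical hit-logging table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (referrer VARCHAR(255))")
    return db


def log_hit_concat(db, referrer):
    """Length check only, then SQL built by string concatenation."""
    if len(referrer) > MAX_REFERRER_LEN:
        return "rejected: too long"
    try:
        # The referrer becomes part of the statement text, quotes included.
        db.execute("INSERT INTO hits (referrer) VALUES ('" + referrer + "')")
        return "stored"
    except sqlite3.Error as exc:
        return "sql error: " + str(exc)


def log_hit_bound(db, referrer):
    """Bound parameter: the value is passed separately from the SQL text."""
    db.execute("INSERT INTO hits (referrer) VALUES (?)",
               (referrer[:MAX_REFERRER_LEN],))
    return "stored"


def stored(db):
    """Return the logged referrers in insertion order."""
    return [row[0] for row in db.execute("SELECT referrer FROM hits ORDER BY rowid")]


# Constructed sample referrers: one plain, one short URL containing a quote.
PLAIN = "http://example.test/links.html"
QUOTED = "http://example.test/o'brien.html"

if __name__ == "__main__":
    db = make_db()
    print("concat, plain :", log_hit_concat(db, PLAIN))
    print("concat, quoted:", log_hit_concat(db, QUOTED))  # passes length check, breaks the SQL
    print("bound,  quoted:", log_hit_bound(db, QUOTED))   # stored verbatim
    print(stored(db))
```

The quoted referrer is well under the length limit, so the length check passes it through and the concatenated statement fails to parse; the bound version stores the same value unchanged.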