WT? #3

So, just when i thought i had seen it all… this is the REQUEST, as captured by Fiddler.
Yes, you read that right… the SWF builds the request and sends it through to the web server; in plain text.
(i’ve modified the actual contents of the SQL, naturally)

POST /flashsql.php?id=106 HTTP/1.1
(headers omitted)

sql_=SELECT DISTINCT( id ), name, filename FROM table LEFT JOIN table2 ON ( id = id ) LEFT JOIN table3 ON ( id = id ) LEFT JOIN table4 ON ( id = id ) LEFT JOIN table5 ON ( id = id ) WHERE id IN(155,150,52,149,134,133,76) AND typeId=9 ORDER BY id
5 tables, no less, plus a database name. And a file on the server that happily accepts any SQL for execution. Oh, and this was an e-commerce website.

They were notified and they have subsequently made things a lot more secure.
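The fix here is not to sanitise the `sql_` parameter but to remove it: the query belongs on the server, and the client sends only values. The following is an added example, not the site's code (the page never shows the PHP source); the reconstructed insecure line in the comment is an assumption from the captured request, and the table names, credentials and the `ids`/`typeId` parameters are placeholders.

```php
<?php
// Added example: a hardened replacement for an endpoint like flashsql.php.
// What the captured request implies the original did (reconstructed, do not use):
//   mysql_query($_POST['sql_']);
declare(strict_types=1);

// Accept only a short list of positive integers; anything else is rejected.
function parseIntList($raw, int $max = 50): ?array {
    if (!is_array($raw) || $raw === [] || count($raw) > $max) { return null; }
    $out = [];
    foreach ($raw as $v) {
        if (!is_string($v) && !is_int($v)) { return null; }
        $v = (string)$v;
        if (!ctype_digit($v) || $v === '0' || strlen($v) > 9) { return null; }
        $out[] = (int)$v;
    }
    return array_values(array_unique($out));
}

$ids    = parseIntList($_POST['ids'] ?? null);
$typeId = filter_var($_POST['typeId'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
if ($ids === null || $typeId === false) {
    http_response_code(400);
    exit('bad request');
}

// Placeholder credentials; a read-only account limits the blast radius further.
$pdo = new PDO('mysql:host=localhost;dbname=DB_PLACEHOLDER;charset=utf8mb4',
               'USER_PLACEHOLDER', 'PASSWORD_PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// The SQL text is fixed server-side; only bound values come from the client.
// One '?' per id keeps the variable-length IN list inside the prepared statement.
$marks = implode(',', array_fill(0, count($ids), '?'));
$sql = "SELECT DISTINCT t.id, t.name, t.filename
        FROM `table` t
        LEFT JOIN `table2` t2 ON (t2.id = t.id)
        WHERE t.id IN ($marks) AND t.typeId = ?
        ORDER BY t.id";
$stmt = $pdo->prepare($sql);
$stmt->execute([...$ids, $typeId]);

header('Content-Type: application/json');
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

The SWF then posts `ids[]=155&ids[]=150&typeId=9` instead of a query, and a request carrying a `sql_` body is simply ignored.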

WT? #2

This was a commercial online system- tried to make a reservation and…


WT? #1

This last year, we have uncovered numerous websites with some severe flaws. And sometimes there are fairly _large_ websites where you’d think they’d have more professional skill available to avoid the kind of things we end up seeing…

And i don’t think ca$h (lack of) is the issue- in fact, i suspect that sometimes there is more than sufficient being invested. The resultant product and runtime errors that crop up are, well… for the reader to discern. The names have been hidden to protect the embarrassed.

First up: TheBrowserBackButton
This is a large university’s website. I was browsing through the Maths and Computer Science areas when i clicked on my browser’s back button:

Back Button

Maybe this was intentional? It sure does help getting a call from the help desk and they can tell you exactly which line of code is causing the problem 🙂

Settling In

it’s taking some time longer than expected… moving the blogs across, that is… but coming along. Changing templates has been tricky, for one, since the choices are _many_ 🙂 but finally settled on something that works for me…

The other was getting used to MySql and php and then running sandboxes for WordPress, Joomla, phpBB and Gallery2 on XP; finding IDEs for managing all the tools… blah blah blah…

All in all, not your usual .NET stuff… but some really *classic* ideas in those areas. I guess ‘cos they been around for so much longer in _production_ and with such a huge contribution base, the ideas really are standing the test of time.

Performance-wise, i have been suitably impressed by php- even on a Win32 platform- and have been pondering [comparing] our own application we’re developing on .Net: mmm…. But for sure, our team can’t handle a distributed effort in php given the advantages of asp.net on a larger-scale project. that is, considering our collective experience…

I was particularly impressed though with the MySql function MD5()

-- WordPress keeps the password hash in wp_users.user_pass
UPDATE wp_users SET user_pass = MD5('newpassword') WHERE ID = 1;

back to settling down- still need to import comments from Blogger in Beta :S


‘If’ denotes a condition for an event, and that condition must render true before the associated event can be raised. Life abounds with situations where ‘if’ plays an important role in determining what gets done. Walking with Jesus is no different.

One of the first recorded ‘ifs’ is an encounter between God and Cain. Cain and his offering was not acceptable to God and Cain was angry about it (Gen 4:6,7). God responds to Cain with a fundamental truth:

If you had done the right thing, you would be smiling. [CEV]

And this remains fundamentally true to this day. If you do the right thing, there should be no reason for your countenance to fall, as did Cain’s. Attached to the ‘if’ is an ‘else’ or ‘but’ condition. It’s the alternative event raised when the ‘if’ renders false. In the case of Cain:

But you did the wrong thing, and now sin is waiting to attack you like a lion. [CEV]

And we’re all too familiar with the ‘ifs’ in our lives. But looking back be careful of getting too fixated on the “what if” of the past. Tis folly. Focus instead, on looking forward and doing the next thing you need to do, “right”. If you do A, then what? Else, what? But do that which is right.

But now it’s also hard to know what the right thing to do is.

Pro 14:12 You may think you are on the right road and still end up dead.
Prov 16:25 Sometimes what seems right is really a road to death.

And more, the thing we do in and of itself doesn’t determine whether it’s right or not.

Pro 21:3 Doing what is right and fair pleases the LORD more than an offering.

Since there are many accounts of God rejecting the offerings made by His people- even though they were doing what God asked of them, technically speaking.  Isa 1:11, Jer 6:20, Amos 5:21, Mal 1:10. But there were areas in their lives that were clearly not right. From the outside, it might have appeared to be good enough…

Pro 16:2 We may think we know what is right, but the LORD is the judge of our motives.
Pro 21:2 We may think we are doing the right thing, but the LORD always knows what is in our hearts.

So doing the right thing is related to the condition of our heart and is rooted in our motive, for a start. But motive without the right foundation can still go wrong. Our own experiences will testify that we thought we were doing the right thing, with the right motive, but it ended up otherwise. The proper foundation for Abel’s acceptable offering was faith (Heb 11:4).  And because he offered in faith, he obtained the witness of God that he was indeed counted as righteous.

So, if we have faith, we will do the right things, that is to say, do the things we need to do, “right”. If we find ourselves not doing the right things, we can always go back to God and His Word to help us get it right.

Heb 4:12 What God has said isn’t only alive and active! It is sharper than any double-edged sword. His word can cut through our spirits and souls and through our joints and marrow, until it discovers the desires and thoughts of our hearts.

By working with God, He will teach us, His Word will be a lamp unto our feet and we will live right. But for this to take place; even if God does teach us; even if God does correct us; if we don’t heed His correction, sin will wait to attack.

Pro 15:10 If you turn from the right way, you will be punished; if you refuse correction, you will die.

And to be taught by God, requires an attitude of obedience. This is what i’m learning. He will not break a bruised reed, but beware your stiff neck. But what does it mean to obey God? What do we have to obey?

The greatest commands Jesus gave us: love the LORD and love your neighbour. And these we are to do, not just speak. So what does it mean to love God? We keep His commands. And what does it mean to keep His commands? We have the love of God. For God is love and we abide in love. And only when we get this right, does everything else fall in place. 1 John 4:7- 1 John 5:3

Even as far back as dot, all the blessings and curses are according to one big “if”:
…if thou shalt obey the voice of Jehovah thy God, to keep his commandments and his statutes which are written in this book of the law; if thou turn unto Jehovah thy God with all thy heart, and with all thy soul… (ia. Deu 30)

Mat 19:17 …If you want to have eternal life, you must obey his commandments..

Joh 8:31 If you keep on obeying what I have said, you truly are my disciples.

Rom 10:9 So you will be saved, if you honestly say, “Jesus is Lord,” and if you believe with all your heart that God raised him from death.

Joh 13:8 “You will never wash my feet!” Peter replied. “If I don’t wash you,” Jesus told him, “you don’t really belong to me.”

If you continue in God’s Word, love Him, only then is there access to the rest of what He says. There is only one door, and that door is Jesus. If you try to climb over the wall, you’re a thief, trying to steal and claim that which does not belong to you. If we obey, we will do right, and if we do right, we will be smiling 🙂

Jam 2:8 You will do all right, if you obey the most important law in the Scriptures. It is the law that commands us to love others as much as we love ourselves.

1Co 7:19 Being circumcised or uncircumcised isn’t really what matters. The important thing is to obey God’s commands.

Rom 13:9 In the Law there are many commands….But all of these are summed up in the command that says, “Love others as much as you love yourself.”


now where was this little gem when i needed it? 🙂
a series of articles entitled:

An Extensive Examination of Data Structures Using C# 2.0

there are 6 parts to this series, this link above will take you to “Part 5: From Trees to Graphs” [the part i’m interested in at the time of discovery :)]


Night Surfing

noooo, not the web kind of surfing… the Aloha-Hawaii-Dude!-style of surfing… at night!

it was a super day, saturday. started off with a wedding in the morning [wooohooo, Mr & Mrs Couvaras! 😀 ] and then settled into an evening braai at A+L. Great dinner, fantastic pudding followed off with a warm cuppa coffee. Just when you might have thought it was time to settle into a game of cranium, or slow down into some more good conversation- the *almost* full moon came out from behind the clouds!

well, there we were, 4 of us, scrambling for surfboards and wetsuits, hopping down to the beach at 10pm! a very odd sight indeed. splash! into the water and paddling out to … erm… well, just paddling out 🙂

the water was FROZEN!, the moon had snuck behind the clouds once more but luckily the waves were forgiving. once or twice you got to sit out backline *all by yourself* and more than once i saw shadows darting beneath my board! :S imagination is a tricky thing!

surfing the waves was awesome though- only the moonlight to guide you, not knowing if the section was going to break or not, not sure just how much the wave is sucking up- all you can do is just feel your way… awesome!

we surfed for about half an hour- the onshore started messing with us- before heading back home… an even odder sight since this time we’re all wet hehehe

highly recommended, but at your own risk!

i won’t hesitate to add that before we headed in, we prayed and during, we prayed, and after, we prayed. God is good and for that one sweet night, He protected us while we went about our crazy surf, just fully relying on Him for the rest!