videoDB / Bugs / #10 trace.php is EVIL

#10 trace.php is EVIL

Status: closed-fixed

Owner: andig

Labels: core (18)

Priority: 5

Updated: 2006-01-09

Created: 2005-05-13

Creator: Guilherme Ramos

Private: No

Hello,
I've been using VideoDB for some time now.. it's a very
good program.. But lately I've noticied that my cache
was filling up very fast....and that's odd because
mostly only I go to my movie page (but it's opened to
the public)..

Than I looked at my server logs, and saw that trace.php
was responsable for a LOT of bandwich usage... more
than everything else. I then found out that someone
actually used it to browse pages other than IMDB.. he
just keep browsing, with that bar.
So I rushed to disable access to IMDB... that'll
probably solve it.. I also removed access for people
without a password..

While doing this, I found out something... even if you
restrict to registered users, and configure videoDB to
NOT access IMDB inside your site, if you just use the
url /trace.php?videodburl=XXX you can STILL use it.. I
think trace.php needs a security check also.. Because
somehow, after disabling everything, people keep coming
to this file (so I just deleted it).

Discussion

andig - 2005-09-07

Logged In: YES
user_id=391980

Are you running latest CVS version?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

andig - 2005-09-07

assigned_to: nobody --> andig2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

andig - 2006-01-09

Logged In: YES
user_id=391980

No response, added option to restrict to local site.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

andig - 2006-01-09

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

trace.php is EVIL

Group

Searches

Help

#10 trace.php is EVIL

Discussion