#10 trace.php is EVIL

core (18)

I've been using VideoDB for some time now.. it's a very
good program.. But lately I've noticied that my cache
was filling up very fast....and that's odd because
mostly only I go to my movie page (but it's opened to
the public)..

Than I looked at my server logs, and saw that trace.php
was responsable for a LOT of bandwich usage... more
than everything else. I then found out that someone
actually used it to browse pages other than IMDB.. he
just keep browsing, with that bar.
So I rushed to disable access to IMDB... that'll
probably solve it.. I also removed access for people
without a password..

While doing this, I found out something... even if you
restrict to registered users, and configure videoDB to
NOT access IMDB inside your site, if you just use the
url /trace.php?videodburl=XXX you can STILL use it.. I
think trace.php needs a security check also.. Because
somehow, after disabling everything, people keep coming
to this file (so I just deleted it).


  • Andreas Goetz

    Andreas Goetz - 2005-09-07

    Logged In: YES

    Are you running latest CVS version?

  • Andreas Goetz

    Andreas Goetz - 2005-09-07
    • assigned_to: nobody --> andig2
  • Andreas Goetz

    Andreas Goetz - 2006-01-09

    Logged In: YES

    No response, added option to restrict to local site.

  • Andreas Goetz

    Andreas Goetz - 2006-01-09
    • status: open --> closed-fixed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks