I see! What a great idea. All of the tech staff and admins would have
their Allaire Secret Decoder Rings(tm), available in Personal or
Enterprise versions. Error says ODBC error? A quick flick of the dial and
it's actually a syntax error! Zounds! a misplaced > sign.
The future is so bright, I need shades!
Greg Creedon
On Wed, 12 Jul 2000, Bryan Batchelder wrote:
> This message is in MIME format. Since your mail reader does not understand
> this format, some or all of this message may not be legible.
>
> ------_=_NextPart_001_01BFEC13.BA40F1D0
> Content-Type: text/plain
>
> Or they have deliberately misinformed you in the error message :-) Not that
> the error is deliberate...but the information it is giving you could be
> deliberately wrong.
>
> I have done this in past systems I have worked on.....and set up most of my
> UNIX boxes to give wrong profiling information (including information in
> errors).
>
> Just a thought. Its fun watching people try linux exploits on a solaris
> box...or vice versa - or making a linux box look like an NT box.
>
> --------------------------------------------
> Bryan D. Batchelder Work: 813-935-7100
> Palm/Internet Developer Home: 727-547-1322
> --------------------------------------------
> ConnectWise, Inc. (www.ConnectWise.com)
> 2803 West Busch Blvd, Suite 204
> Tampa, FL 33618
> --------------------------------------------
>
> -----Original Message-----
> From: Steve Bernard [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 11:03 AM
> To: [EMAIL PROTECTED]
> Subject: RE: You know what would be really cool?
>
>
> It is truly a sad state of affairs isn't it? This sort of thing has been
> happening on a regular basis since Allaire first started hosting a website.
> All three of their main components, Corporate, Forums, and Beta sites, have
> gone down or produced errors that really make them look bad. The two general
> types that I have seen the most, and that speak volumes about their
> infrastructure/administration in my opinion, are related to performance/load
> and database management. Ironically enough, these are two of tenants of the
> Allaire Performance Tuning class, optimizing your code and your database.
> Another problem that this exposes is Allaire's attention to detail and
> security. You can learn a lot about a system by getting such error messages.
> It may seem innocent enough but from this error message you know:
>
> 1) Using IIS
> 2) .. therefore, using NT
> 3) Web root is on D:, seperate from the system root
> 4) Exact path to the customtags directory
> 5) Template name
> 6) Exact line of offending code
> 7) 'CustomTagsV65' may indicate that they have multiple versions in one
> tree. This may provide further opportunity
> if the system is breached.
> 8) Allaire doesn't monitor it's servers effectively
> 9) Allaire doesn't seem to take it's web presence seriously enough even
> though the product it sells is made for
> developing high-end, robust, data-driven, web sites (enought buzz words
> there?).
>
> All this provides is information, not vulnerabilities, but, it is a definite
> start in profiling the system, and all without having to send a single
> suspicious packet their way. Anyone who has spent time profiling systems
> will understand this. So if Allaire is this shoddy in protecting/maintaining
> their corporate site what's going on with the areas of the site that manage
> customer information?
>
> Steve
>
> p.s. I don't have anything against Allaire, I'm just calling it like I see
> it.
>
>
> > -----Original Message-----
> > From: Sean Renet [mailto:[EMAIL PROTECTED]]
> >
> > I think it would be really cool if you went to Allaire's website, searched
> > for something and didn't get this:
> >
> > Error Diagnostic Information
> > Error occurred in tag CFSEARCH
> >
> > Collection failed to open: AllaireWeb6SiteSearch
> >
> >
> > The error occurred while processing an element with a general
> > identifier of (CFSEARCH), occupying document position (28:1) to (31:57) in
> > the template file
> > D:\WWWROOT\ALLAIREWEB65\CUSTOMTAGSV65\ALLAIREWEB\SITESEARCH\SITESE
> > ARCH.CFM.
> >
> >
> > Date/Time: 07/11/00 22:55:58
> > Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
> > Remote Address: 63.203.119.82
> > HTTP Referer: http://www.allaire.com/search/index.cfm
> >
> >
> >
> > How do these guys expect to have people buy into this language when thier
> > own site is constantly breaking?
>
> ----------------------------------------------------------------------------
> --
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
> ------_=_NextPart_001_01BFEC13.BA40F1D0
> Content-Type: text/html
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii">
> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
> 5.5.2650.12">
> <TITLE>RE: You know what would be really cool?</TITLE>
> </HEAD>
> <BODY>
>
> <P><FONT SIZE=3D2>Or they have deliberately misinformed you in the =
> error message :-) Not that the error is deliberate...but the =
> information it is giving you could be deliberately wrong.</FONT></P>
>
> <P><FONT SIZE=3D2>I have done this in past systems I have worked =
> on.....and set up most of my UNIX boxes to give wrong profiling =
> information (including information in errors).</FONT></P>
>
> <P><FONT SIZE=3D2>Just a thought. Its fun watching people try =
> linux exploits on a solaris box...or vice versa - or making a linux box =
> look like an NT box.</FONT></P>
>
> <P><FONT SIZE=3D2>--------------------------------------------</FONT>
> <BR><FONT SIZE=3D2>Bryan D. =
> Batchelder Work: =
> 813-935-7100</FONT>
> <BR><FONT SIZE=3D2>Palm/Internet Developer Home: =
> 727-547-1322</FONT>
> <BR><FONT SIZE=3D2>--------------------------------------------</FONT>
> <BR><FONT SIZE=3D2>ConnectWise, Inc. (www.ConnectWise.com)</FONT>
> <BR><FONT SIZE=3D2>2803 West Busch Blvd, Suite 204</FONT>
> <BR><FONT SIZE=3D2>Tampa, FL 33618</FONT>
> <BR><FONT SIZE=3D2>--------------------------------------------</FONT>
> </P>
>
> <P><FONT SIZE=3D2>-----Original Message-----</FONT>
> <BR><FONT SIZE=3D2>From: Steve Bernard [<A =
> HREF=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]</FONT>
> <BR><FONT SIZE=3D2>Sent: Wednesday, July 12, 2000 11:03 AM</FONT>
> <BR><FONT SIZE=3D2>To: [EMAIL PROTECTED]</FONT>
> <BR><FONT SIZE=3D2>Subject: RE: You know what would be really =
> cool?</FONT>
> </P>
> <BR>
>
> <P><FONT SIZE=3D2>It is truly a sad state of affairs isn't it? This =
> sort of thing has been</FONT>
> <BR><FONT SIZE=3D2>happening on a regular basis since Allaire first =
> started hosting a website.</FONT>
> <BR><FONT SIZE=3D2>All three of their main components, Corporate, =
> Forums, and Beta sites, have</FONT>
> <BR><FONT SIZE=3D2>gone down or produced errors that really make them =
> look bad. The two general</FONT>
> <BR><FONT SIZE=3D2>types that I have seen the most, and that speak =
> volumes about their</FONT>
> <BR><FONT SIZE=3D2>infrastructure/administration in my opinion, are =
> related to performance/load</FONT>
> <BR><FONT SIZE=3D2>and database management. Ironically enough, these =
> are two of tenants of the</FONT>
> <BR><FONT SIZE=3D2>Allaire Performance Tuning class, optimizing your =
> code and your database.</FONT>
> <BR><FONT SIZE=3D2>Another problem that this exposes is Allaire's =
> attention to detail and</FONT>
> <BR><FONT SIZE=3D2>security. You can learn a lot about a system by =
> getting such error messages.</FONT>
> <BR><FONT SIZE=3D2>It may seem innocent enough but from this error =
> message you know:</FONT>
> </P>
>
> <P><FONT SIZE=3D2>1) Using IIS</FONT>
> <BR><FONT SIZE=3D2>2) .. therefore, using NT</FONT>
> <BR><FONT SIZE=3D2>3) Web root is on D:, seperate from the system =
> root</FONT>
> <BR><FONT SIZE=3D2>4) Exact path to the customtags directory</FONT>
> <BR><FONT SIZE=3D2>5) Template name</FONT>
> <BR><FONT SIZE=3D2>6) Exact line of offending code</FONT>
> <BR><FONT SIZE=3D2>7) 'CustomTagsV65' may indicate that they have =
> multiple versions in one</FONT>
> <BR><FONT SIZE=3D2>tree. This may provide further opportunity</FONT>
> <BR><FONT SIZE=3D2> if the system is breached.</FONT>
> <BR><FONT SIZE=3D2>8) Allaire doesn't monitor it's servers =
> effectively</FONT>
> <BR><FONT SIZE=3D2>9) Allaire doesn't seem to take it's web presence =
> seriously enough even</FONT>
> <BR><FONT SIZE=3D2>though the product it sells is made for</FONT>
> <BR><FONT SIZE=3D2> developing high-end, robust, =
> data-driven, web sites (enought buzz words</FONT>
> <BR><FONT SIZE=3D2>there?).</FONT>
> </P>
>
> <P><FONT SIZE=3D2>All this provides is information, not =
> vulnerabilities, but, it is a definite</FONT>
> <BR><FONT SIZE=3D2>start in profiling the system, and all without =
> having to send a single</FONT>
> <BR><FONT SIZE=3D2>suspicious packet their way. Anyone who has spent =
> time profiling systems</FONT>
> <BR><FONT SIZE=3D2>will understand this. So if Allaire is this shoddy =
> in protecting/maintaining</FONT>
> <BR><FONT SIZE=3D2>their corporate site what's going on with the areas =
> of the site that manage</FONT>
> <BR><FONT SIZE=3D2>customer information?</FONT>
> </P>
>
> <P><FONT SIZE=3D2>Steve</FONT>
> </P>
>
> <P><FONT SIZE=3D2>p.s. I don't have anything against Allaire, I'm just =
> calling it like I see</FONT>
> <BR><FONT SIZE=3D2>it.</FONT>
> </P>
> <BR>
>
> <P><FONT SIZE=3D2>> -----Original Message-----</FONT>
> <BR><FONT SIZE=3D2>> From: Sean Renet [<A =
> HREF=3D"mailto:[EMAIL PROTECTED]">mailto:sean@broadcastdynamics=
> .com</A>]</FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> I think it would be really cool if you went to =
> Allaire's website, searched</FONT>
> <BR><FONT SIZE=3D2>> for something and didn't get this:</FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> Error =
> Diagnostic Information</FONT>
> <BR><FONT SIZE=3D2>> Error =
> occurred in tag CFSEARCH</FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> Collection =
> failed to open: AllaireWeb6SiteSearch</FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> The error =
> occurred while processing an element with a general</FONT>
> <BR><FONT SIZE=3D2>> identifier of (CFSEARCH), occupying document =
> position (28:1) to (31:57) in</FONT>
> <BR><FONT SIZE=3D2>> the template file</FONT>
> <BR><FONT SIZE=3D2>> =
> D:\WWWROOT\ALLAIREWEB65\CUSTOMTAGSV65\ALLAIREWEB\SITESEARCH\SITESE</FONT=
> >
> <BR><FONT SIZE=3D2>> ARCH.CFM.</FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> Date/Time: =
> 07/11/00 22:55:58</FONT>
> <BR><FONT SIZE=3D2>> Browser: =
> Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)</FONT>
> <BR><FONT SIZE=3D2>> Remote =
> Address: 63.203.119.82</FONT>
> <BR><FONT SIZE=3D2>> HTTP =
> Referer: <A HREF=3D"http://www.allaire.com/search/index.cfm" =
> TARGET=3D"_blank">http://www.allaire.com/search/index.cfm</A></FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>></FONT>
> <BR><FONT SIZE=3D2>> How do these guys expect to have people buy =
> into this language when thier</FONT>
> <BR><FONT SIZE=3D2>> own site is constantly breaking?</FONT>
> </P>
>
> <P><FONT =
> SIZE=3D2>---------------------------------------------------------------=
> ---------------</FONT>
> <BR><FONT SIZE=3D2>Archives: <A =
> HREF=3D"http://www.mail-archive.com/[email protected]/" =
> TARGET=3D"_blank">http://www.mail-archive.com/[email protected]/=
> </A></FONT>
> <BR><FONT SIZE=3D2>To Unsubscribe visit <A =
> HREF=3D"http://www.houseoffusion.com/index.cfm?sidebar=3Dlists&body=3Dli=
> sts/cf_talk" =
> TARGET=3D"_blank">http://www.houseoffusion.com/index.cfm?sidebar=3Dlists=
> &body=3Dlists/cf_talk</A> or send a message to =
> [EMAIL PROTECTED] with 'unsubscribe' in the =
> body.</FONT></P>
>
> </BODY>
> </HTML>
> ------_=_NextPart_001_01BFEC13.BA40F1D0--
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
>message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
>
>
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
