Big Boss
I started the day looking at a fix for the RSS bug that took our site down over the weekend. I got drafted into looking for security holes in some user web scripts. In between I fielded calls assigned to our group and responded to some myself.
Posted on Tue, 30 Jun 2009 Tags: zope
Tests and Fixes
I I tested the new diagram submission form (it passed) and then went back to testing and fixing cmlib.
Posted on Fri, 26 Jun 2009 Tags: perl zope
Testing and Looking
I retested the changes for the next par release and looked at the Zope LDAP Manager code to find where LDAP attributes are defined. In turned out to be SchemaDefaults.py
Posted on Thu, 25 Jun 2009 Tags: par ldap
PAR Time
I checked out a php script for security problems, wrote my par employee comments, and did a project review for my two ldap projects.
Posted on Wed, 24 Jun 2009 Tags: ldap
Security Checking
I finished my security testing. No additional vulnerabilities were found. I tlaked with Greg about Jared's problems and worked some more on debugging stiki.
Posted on Tue, 23 Jun 2009 Tags: perl
Testing
I sent a new message to Jared documenting the par ldap interface. I finished testing Greg's modifications to the par. Then I went back to my security audit.
Posted on Wed, 17 Jun 2009 Tags: par perl
Par Is Still With Us
I spent the day answering a question by Jared and testing recent changes to the par application.
Posted on Tue, 16 Jun 2009 Tags: par
Security
I looked for security holes in our web applications in order to justify spending more time on this work and it didn't take me very long to find a hole in one of our cgi-bin scripts.
Posted on Fri, 12 Jun 2009 Tags: web
Stiki Again
I did more work on stiki, the demo app for cmlib. I'm squashing bugs and it's close to done.
Posted on Thu, 11 Jun 2009 Tags: perl
Cmlib again
Monday nad Tuesday I was attending web security training. Today I worked on fixing security problems in cmlib that the training made me aware of.
Posted on Wed, 10 Jun 2009 Tags: perl