Big Boss

I started the day looking at a fix for the RSS bug that took our site down over the weekend. I got drafted into looking for security holes in some user web scripts. In between I fielded calls assigned to our group and responded to some myself.

Tests and Fixes

I I tested the new diagram submission form (it passed) and then went back to testing and fixing cmlib.

Testing and Looking

I retested the changes for the next par release and looked at the Zope LDAP Manager code to find where LDAP attributes are defined. In turned out to be SchemaDefaults.py

PAR Time

I checked out a php script for security problems, wrote my par employee comments, and did a project review for my two ldap projects.

Security Checking

I finished my security testing. No additional vulnerabilities were found. I tlaked with Greg about Jared's problems and worked some more on debugging stiki.

Testing

I sent a new message to Jared documenting the par ldap interface. I finished testing Greg's modifications to the par. Then I went back to my security audit.

Par Is Still With Us

I spent the day answering a question by Jared and testing recent changes to the par application.

Security

I looked for security holes in our web applications in order to justify spending more time on this work and it didn't take me very long to find a hole in one of our cgi-bin scripts.

Stiki Again

I did more work on stiki, the demo app for cmlib. I'm squashing bugs and it's close to done.

Cmlib again

Monday nad Tuesday I was attending web security training. Today I worked on fixing security problems in cmlib that the training made me aware of.