Desiderius Price

Everything posted by Desiderius Price

  1. Me too in sending good vibes.
  2. With software, it can be counterproductive to toss more people at it (i.e. too many cooks in the kitchen). Manta would suddenly become a manager, having to get them up to speed, coach, etc; that’d take her away from actually fixing the issue. If we were already trained, worked well together, then yes, using us might make it go faster. Better to step back and make sure she’s not too stressed out.
  3. Tough part about writing this Halloween story? No sex.

    1. Desiderius Price

      Nah, scary is the time of year when my company demands my annual self-evaluation. :)

    2. InvidiaRed

      Well I’m sure you’re totes fine as long as you keep NSFW off the company’s comps.

  4. Thanks, figured I’d try it and needed the guidance. Placement seems a bit on the cryptic side.
  5. Long time coder myself, which is why I can sympathize/empathize with you Manta! When I played around with PHP/SQL/Web, think it was PHP-4/5? – enough to give me an idea of what you’re up to.
  6. Psst… suggest not pinging and interrupting the coder unless you’ve found a bug in the new stuff. And even then, maybe have a single topic/thread to record them so she can deal with it one at a time?
  7. Such a vulnerability would’ve existed since the PHP scripts were first written, and obviously became a problem once that scammy scammer decided to exploit it. That’s as far as I’ll speculate about it.
  8. Well, SQL is the code that databases understand. Anyways, when in a rush or inexperienced or prototyping, the PHP website will take user input and directly make it part of the code that it sends to the database. Now, SQL injection is a user crafting input that isn’t a simple thing like “erotica”; instead they make it funny, so instead of a simple “get data” SQL statement, it becomes a “SQL do-this-other-thing” which can be to modify the database, get more than they’re supposed to, etc. A solid fix is to not make it part of the SQL, instead treating it as pure data, using the parameter-based SQL which avoids the injection issue. – That’s me trying to make it simple. Here’s a web-comic about it. https://xkcd.com/327/
  9. Given the nature of the issue (SQL Injection), a fair chunk of the website’s PHP script SQL bindings have to be rewritten, parameterizing and seriously sanitizing all user input. Typos will happen, part of the process, I’m afraid.
  10. See the posts/updates from manta2g. “Green” is supposed to be the key though to what’s been vetted.
  11. 40906
  12. 40904
  13. 40902
  14. 40900
  15. 40898
  16. 40896
  17. 40894
  18. 40890
  19. 40888
  20. 40886
  21. That was the distinction I was missing. Fanfic, by its nature, is taking elements of canon and the contributions of the fanfic writer (at least in plot & the actual word arrangements) – I know, that’s being generous for some of the fanfic out there. An exact determination of derivative vs transformative can require a court case, to determine if fair use would apply (thereby allowing the fanfic writer to ignore a demand of the canon author to not post a fanfic). However, I’m not willing to spend $100k to defend a fanfic in court, and there’s that ever present chance to LOSE the case making the fanfic situation worse. Luckily for my Harry Potter fanfic, JK Rowling did famously allow fanfic on a not-for-money basis; thus rendering the debate closer to academic as I doubt I’d ever feel comfortable charging readers for my writings. (p.s. why is my auto-correct wanting to change “fanfic” to “fanatic”?)