Posts Tagged ‘databases’

Odd bugs and the case of an aging database

Sunday, August 29th, 2010

I was doing some troubleshooting recently, trying to fix some issues reported in the Captcha of a registration system. The Captcha wasn’t always displaying properly and intermittently wouldn’t recognize valid code entries. After tracing some of the PHP to find just how the Captchas were being generated and managed, I found my way to the MySQL database and the table storing the values.

It took only a glance at the last and only row to determine what the problem was: the primary key for the Captcha table was defined as an INT and had reached the value 65535. With the key unable to increment, any non-valid attempt (be it a bot or someone who couldn’t read the Captcha properly) would cause the system to lock up until the 1 in 100,000 chance that the same value was re-generated and someone correctly matched the code. The failure resulting from this oversight was essentially a Denial of Service on the registration system. To temporarily solve the issue, I did a simple reset of the primary key[1], which should buy a few years of development time to resolve the core issue.

This situation poses an interesting design consideration when building long-running applications, even when you aren’t planning on storing a large amount of data for a long time. Tables that are frequently populated with new data should have measures in place to either handle recycling over-used values or should be built in a way that avoids these sorts of conditions. In the case of the Captcha above, the primary key was hardly used and could have been factored out entirely without the application running differently.
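One way to catch this condition before it becomes an outage, as an added example (not code from the original post): compare each auto-increment counter against the ceiling of its column type. It assumes the key is an AUTO_INCREMENT column; the sample rows, table names and column definitions are constructed.

```python
import re

# Largest value each MySQL integer type holds when UNSIGNED.
UNSIGNED_MAX = {"tinyint": 2**8 - 1, "smallint": 2**16 - 1,
                "mediumint": 2**24 - 1, "int": 2**32 - 1, "bigint": 2**64 - 1}

# Query that produces the (table, column type, counter) rows checked below.
QUERY = """
SELECT t.TABLE_NAME, c.COLUMN_TYPE, t.AUTO_INCREMENT
FROM information_schema.TABLES t
JOIN information_schema.COLUMNS c
  ON c.TABLE_SCHEMA = t.TABLE_SCHEMA AND c.TABLE_NAME = t.TABLE_NAME
WHERE c.EXTRA LIKE '%auto_increment%' AND t.AUTO_INCREMENT IS NOT NULL
  AND t.TABLE_SCHEMA = DATABASE()
"""

def column_max(column_type):
    """Largest value a MySQL integer COLUMN_TYPE string can store."""
    text = column_type.lower()
    m = re.match(r"\s*(tinyint|smallint|mediumint|int|bigint)\b", text)
    if not m:
        raise ValueError(f"not an integer column type: {column_type!r}")
    umax = UNSIGNED_MAX[m.group(1)]
    # A signed column gives up half its range to negative numbers.
    return umax if "unsigned" in text else umax // 2

def near_exhaustion(rows, threshold=0.8):
    """Return (table, used_fraction) for keys at or past `threshold`."""
    flagged = []
    for table, column_type, counter in rows:
        # AUTO_INCREMENT is the next value the table will try to assign.
        used = min(counter / column_max(column_type), 1.0)
        if used >= threshold:
            flagged.append((table, round(used, 4)))
    return sorted(flagged, key=lambda r: -r[1])

# Constructed sample rows; 65535 is the ceiling of a 16-bit unsigned key.
SAMPLE = [
    ("captcha", "smallint(5) unsigned", 65535),
    ("users", "int(11)", 120000),
    ("sessions", "mediumint(8) unsigned", 15000000),
]

if __name__ == "__main__":
    for table, used in near_exhaustion(SAMPLE):
        print(f"{table}: {used:.2%} of key range used")
```

On MySQL 8.0 the AUTO_INCREMENT figure in information_schema.TABLES is cached (information_schema_stats_expiry), so run ANALYZE TABLE first if the number must be current.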

Looks like it’s time to get this database a subscription to AARP and some Depends….

References:

[1] Resetting a Primary Key

The psych0tik network presents: proxyElite

Friday, July 2nd, 2010

After nearly 3 years of downtime, psych0tik is happy to bring you the new and improved proxyElite!

We’ve spent the last few months completely rewriting the core code and redesigning the database to be more stable and reliable. Thus far, we’ve been very happy with the results. The proxyElite web application itself is definitely in an infantile state as far as development and design, but we wanted to bring you usable proxy results sooner rather than later.

Features of the new proxyElite include:

  • Dynamically updated proxy databases – new proxies are loaded automatically
  • Multiple methods for verifying a proxy’s usability – to improve accuracy
  • A proxy detector tool – to help determine how noticeable the proxy you are using is
  • Extensible design – more modules for growing and updating proxy lists are easily added (and some are already in development)

While we’ve done a fair amount of testing on our development server to make sure this code is production-ready, it is still beta code. If you see something that looks broken, wrong, or otherwise out of place – please let us know!

You can check out the new site, at the old address: http://proxyElite.net

~psych0tik staff

Reading Rainbow: Episode 10

Monday, July 7th, 2008

“90% of emails sent are spam” is a statistic found in the following article. With such a large percentage of emails being considered spam, protection techniques need to move to proactive, rather than reactive. One method being suggested is tracking the sources and flow of email traffic. http://sify.com/finance/fullstory.php?id=14698112

In my continuing search for information pertaining to cyber warfare I have found the following two articles. The first describes why global hackers are so hard to detect and the problems both security related and political this creates. The second article shows that France is making an effort to join the “digital front line.” It explains France’s strategy to get into the cyber warfare game. http://www.livescience.com/technology/080619-chinese-hackers.html http://news.xinhuanet.com/english/2008-06/19/content_8402780.htm

This article lists 10 of the most infamous “black hats” over the years along with what they are known for doing. Interestingly enough, the fact that they are known shows they are not quite as good as people make them out to be. http://www.itpro.co.uk/603831/ten-of-the-most-infamous-black-hat-hackers

With anti-virus software and firewalls on the rise, virus writers have moved to targeting routers. By changing the DNS settings on a router, the attacker gains control of all traffic the infected network has access to. Pointing sites to malware-ridden pages or conducting man-in-the-middle attacks are only the beginning of this potential. http://www.itpro.co.uk/603852/new-trojan-threat-able-to-control-network-routers

“Be careful what you say” is something we’ve all heard, but in the current day and age perhaps “be careful what you email” is more relevant. Two Bear Stearns hedge fund managers have been brought up on charges for misleading investors. Part of the evidence is email records proving that these two knew the market was not where they claimed it to be. http://biz.yahoo.com/ap/080620/bear_stearns_investigation.html

MySQL may be partially going closed source thanks to Sun, but IBM is taking DB2 to the open source market. It is not directly going to be put out for all eyes, but according to Chris Livesey it is inevitable that DB2 will end up in the open source world. Read more here: http://news.cnet.com/IBM-to-open-source-DB…1694.html?tag=html.alert.hed

For those of you old enough to remember some of Blizzard’s classics: Diablo and Diablo II (and Lord of Destruction), it seems Blizzard is going to be blessing us with Diablo III. So far 2 character classes have been released, the barbarian and the witch doctor. http://www.blizzard.com/diablo3/