AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to VBBS/VADV Support  <--  <--- Return to Home Page
   Networked Database  VBBS/VADV Support   [283 / 661] RSS
 From   To   Subject   Date/Time 
Message   Steve Winn    Douglas Connor   Important Updates   August 28, 2008
 11:31 AM *   

Re: Important Updates

> Steve Winn -> All wrote:
>  SW> I released two important updates today - both fixing the same bug. VA
>  SW> v3.11.080823 and VCleanDB v2.0.080823. The problem occurred while
>  SW> cleaning a
>  SW> deleted user's email. The databaases SNTEMAIL and ONELINE would becom
>  SW> corrupted and posed a security issue since it was possible users coul
>  SW> emails other users had sent.
> 
>  SW> I recommend that you delete SNTEMAIL.* and ONELINE.* from your DB dir
>  SW> after you update.
> 
>  SW> VCleanDB has also been converted into a console application. A new op
>  SW> (/COMPACT) has been added to compact databases which will improve acc
>  SW> speed.
> 
>  SW> Steve
> Hey wow Steve
> I got 3 updates quite close togather
> Hey I hope you got all the bugs out :)

Yeah after the first release I found another bug and killed it.

The first bug was obvious once I looked into it and had been present for quite
some time. The routine to cleanup user's email after you delete a user wasn't
changing databases (it was always using the email database). So the SNTEMAIL
and ONELINE would become corrupt because the BIN files would be from EMAIL.BIN.
So if a user was deleted either using VADV32 or VCleanDB this would happen. The
bad part was if you goto the sent emails in VADV-PHP or VMail then it was
possible that content from other users emails would be shown.

The second bug was trivial but needed to be fixed due to the new /COMPACT
option. It was just a case of a CRLF being added to the BIN files after each
time a deleted user was scanned. So the EMAIL, SNTEMAIL and ONELINE databases
could have grown a few hundred bytes during the scan. This didn't cause any
issues but when /COMPACT was performed it would fix it and show the discrepency
in the log so it was a false positive.


--
[AT2k] -- Your VBBS/VADV Support Center -- [www.at2k.org] -- [bbs.at2k.org]

--- Virtual Advanced Ver 2 for DOS 
 * Origin: Vested Tyme Dataline (63:63/1.23)
 � Synchronet � Killed in Action BBS  at kiabbs.org
--- SBBSecho 2.11-Win32
 * Origin: Killed in Action BBS at kiabbs.org (63:63/103)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to VBBS/VADV Support  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.0155 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.1.241108