
Savannah.gnu.org compromised

Posted Nov 30, 2010 17:16 UTC (Tue) by lolando (guest, #7139)
In reply to: Savannah.gnu.org compromised by madscientist
Parent article: Savannah.gnu.org compromised

> It's one thing to build good security in when it's an original design goal: it's MUCH more complicated to add it on after the fact.

I can confirm that. As developer of another derivative from the same original code (FusionForge, also coming from SourceForge via GForge), I spent many many *many* hours rewriting all our database access to use parametrized queries. I feel the pain of the Savannah guys.


Savannah.gnu.org compromised

Posted Nov 30, 2010 20:34 UTC (Tue) by Los__D (guest, #15263) [Link] (1 responses)

Have you considered contributing* the code to the Savannah folks, or has the code diverted too much?

* As in pointing them to your changes, in case they didn't know that they existed.

Savannah.gnu.org compromised

Posted Dec 1, 2010 9:31 UTC (Wed) by lolando (guest, #7139) [Link]

I probably mentioned it to them, yeah. But the patch itself is fairly intrusive and, as you guessed, our most recent common ancestor is more than 10 years old so it's of little practical value. Most of it is replacing db_query("SELECT foo FROM bar WHERE key='$value'") with db_query_params('SELECT foo FROM bar WHERE key=$1',array($value)), which can be semi-automated for about 80% of the queries; the only part of it that's not boring grunt-work (Perl be praised) is a mechanism to handle complex queries built on the fly with a varying number of tables in the join, a varying number of WHERE clauses, and so on, with some combinatory explosion that excludes writing all the possible queries in advance and requires some dynamic stuff.

(If anyone's interested, https://fusionforge.org/scm/viewvc.php/trunk/src/common/i... has the implementation)
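The dynamic case lolando describes, a join with a variable number of tables and WHERE clauses where every value still goes out through a numbered placeholder, as an added illustration in Python; FusionForge itself is PHP and this is not its code. The allowlists, table and column names are constructed for the example; the point is that identifiers cannot be parametrized, so they are validated, while values are never inlined into the SQL text.

```python
"""Dynamic, parametrized query builder: values become $1, $2, ... placeholders,
identifiers are checked against an allowlist (constructed for this example)."""

ALLOWED_TABLES = {"bar", "groups", "users"}
ALLOWED_COLUMNS = {"foo", "key", "group_id", "user_id", "status"}


def _ident(name, allowed):
    """Refuse any identifier that is not on the allowlist."""
    if name not in allowed:
        raise ValueError("identifier not allowed: %r" % (name,))
    return name


def _col(ref):
    """Accept 'column' or 'table.column', validating each part separately."""
    parts = ref.split(".")
    if len(parts) == 2:
        return _ident(parts[0], ALLOWED_TABLES) + "." + _ident(parts[1], ALLOWED_COLUMNS)
    return _ident(ref, ALLOWED_COLUMNS)


def build_query(base_table, joins=(), filters=()):
    """Return (sql, params) for db_query_params-style execution.

    joins:   iterable of (table, left_ref, right_ref) -> JOIN table ON left = right
    filters: iterable of (column_ref, value)          -> ANDed equality conditions
    Neither count is known in advance, so the placeholder number is derived
    from the length of the params list as each clause is appended.
    """
    sql = "SELECT * FROM " + _ident(base_table, ALLOWED_TABLES)
    params = []
    for table, left, right in joins:
        sql += " JOIN %s ON %s = %s" % (
            _ident(table, ALLOWED_TABLES), _col(left), _col(right))
    where = []
    for column, value in filters:
        params.append(value)  # the value travels out of band, never in the SQL string
        where.append("%s = $%d" % (_col(column), len(params)))
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, params


if __name__ == "__main__":
    # An apostrophe in the value is just data here; the old string-built
    # db_query("... WHERE key='$value'") form would have broken on it.
    print(build_query("bar", filters=[("key", "O'Brien")]))
```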


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds