possible NATS exploit?

  • gooddomains
    Too lazy to set a custom title
    • Jul 2003
    • 10127

    #1

    possible NATS exploit?

    Can anyone confirm or deny this information?

    http://www.gofuckyourself.com/showthread.php?t=630815

  • IceMaster
    Confirmed User
    • Jan 2005
    • 8920

    #2
    I guess that the script connects to a nats site and sponsors get it down for too many requests.


    • darksoul
      Confirmed User
      • Apr 2002
      • 4997

      #3
      lol, you're so clueless.
      1337 5y54|)m1n: 157717888
      BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
      Cambooth


      • themanager
        Confirmed User
        • Apr 2006
        • 508

        #4
        I have no idea.


        • gooddomains
          Too lazy to set a custom title
          • Jul 2003
          • 10127

          #5
          Sounds more like a more serious problem at first sight


          • darksoul
            Confirmed User
            • Apr 2002
            • 4997

            #6
            Originally posted by IceMaster
            I guess that the script connects to a nats site and sponsors get it down for too many requests.
            neh, the database on that server is fucked up.
            nothing directly related to nats.
            1337 5y54|)m1n: 157717888
            BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
            Cambooth


            • gooddomains
              Too lazy to set a custom title
              • Jul 2003
              • 10127

              #7
              What about the other programs that also do not seem to work ?


              • IceMaster
                Confirmed User
                • Jan 2005
                • 8920

                #8
                Anyway, it's getting popular so everybody will start finding bugs for it soon.


                • gooddomains
                  Too lazy to set a custom title
                  • Jul 2003
                  • 10127

                  #9
                  Originally posted by IceMaster
                  Anyway, it's getting popular so everybody will start finding bugs for it soon.
                  Do you have any more inside knowledge than the rest of us ?


                  • IceMaster
                    Confirmed User
                    • Jan 2005
                    • 8920

                    #10
                    Originally posted by gooddomains
                    Do you have any more inside knowledge than the rest of us ?

                    No, but happens with everything... phpbb... vbulletin... windows...


                    • gooddomains
                      Too lazy to set a custom title
                      • Jul 2003
                      • 10127

                      #11
                      Originally posted by IceMaster
                      No, but happens with everything... phpbb... vbulletin... windows...
                      oh well, seems hackers are everywhere


                      • Kimo
                        ...
                        • Jan 2006
                        • 11542

                        #12
                        is this for real?
                        ...


                        • gooddomains
                          Too lazy to set a custom title
                          • Jul 2003
                          • 10127

                          #13
                          Originally posted by Kimo
                          is this for real?
                          Read the other thread


                          • tenderobject
                            Need Designs? 312352846
                            • Dec 2004
                            • 11688

                            #14
                            some nats programs are ok


                            NEED DESIGNS?!?


                            • studiocritic
                              Confirmed User
                              • Jun 2005
                              • 2442

                              #15
                              Originally posted by IceMaster
                              No, but happens with everything... phpbb... vbulletin... windows...
                              NATS isn't open source.. security through obscurity.

                              There are Zend decoders now, though.
                              254342256


                              • darksoul
                                Confirmed User
                                • Apr 2002
                                • 4997

                                #16
                                Originally posted by studiocritic
                                NATS isn't open source.. security through obscurity.
                                nor is vbulletin or windows
                                1337 5y54|)m1n: 157717888
                                BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                Cambooth


                                • IceMaster
                                  Confirmed User
                                  • Jan 2005
                                  • 8920

                                  #17
                                  Originally posted by studiocritic
                                  NATS isn't open source.. security through obscurity.

                                  There are Zend decoders now, though.
                                  I was talking about the possibility, I don't really know how NATS works or what they offer.


                                  • gooddomains
                                    Too lazy to set a custom title
                                    • Jul 2003
                                    • 10127

                                    #18
                                    Originally posted by studiocritic
                                    NATS isn't open source.. security through obscurity.

                                    There are Zend decoders now, though.
                                    What has Zend to do with this ?


                                    • gooddomains
                                      Too lazy to set a custom title
                                      • Jul 2003
                                      • 10127

                                      #19
                                      Originally posted by tenderobject
                                      some nats programs are ok
                                      ok, so it seems only some programs are having problems. Could this be related to a certain version or is it maybe a MySQL problem?


                                      • Pimpin_J
                                        Confirmed User
                                        • Jul 2006
                                        • 3637

                                        #20
                                        Just a matter of time I think.. all adult-cms had/have bugs..
                                        mpa,sitdepth and so on


                                        • gooddomains
                                          Too lazy to set a custom title
                                          • Jul 2003
                                          • 10127

                                          #21
                                          Originally posted by Pimpin_J
                                          Just a matter of time I think.. all adult-cms had/have bugs..
                                          mpa,sitdepth and so on
                                          Has any of them exposed already ?


                                          • Pimpin_J
                                            Confirmed User
                                            • Jul 2006
                                            • 3637

                                            #22
                                            There wasn't a public advisory as far as I know but I said it here already http://www.gofuckyourself.com/showthread.php?t=629368


                                            • gooddomains
                                              Too lazy to set a custom title
                                              • Jul 2003
                                              • 10127

                                              #23
                                              Thx for the info


                                              • Nathan
                                                Confirmed User
                                                • Jul 2003
                                                • 3108

                                                #24
                                                This is not a NATS bug, nor is it a NATS exploit.

                                                People that do not understand errors should not throw around words like "exploit"... what other programs do not work right now? I only know of this one problem with panchodog.

                                                The error with panchodog is a MySQL problem, not a NATS problem. Just because NATS is so nice and actually produces intelligent error displays for the client does not mean it's a damn NATS problem or exploit!
                                                "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                - Charlie Munger


                                                • stickyfingerz
                                                  Doin fine
                                                  • Oct 2005
                                                  • 24984

                                                  #25
                                                  Originally posted by Nathan
                                                  This is not a NATS bug, nor is it a NATS exploit.

                                                  People that do not understand errors should not throw around words like "exploit"... what other programs do not work right now? I only know of this one problem with panchodog.

                                                  The error with panchodog is a MySQL problem, not a NATS problem. Just because NATS is so nice and actually produces intelligent error displays for the client does not mean it's a damn NATS problem or exploit!
                                                  This is what I was thinking also. lol This whole thread is da silly. Dumbest thread of the day?


                                                  • darksoul
                                                    Confirmed User
                                                    • Apr 2002
                                                    • 4997

                                                    #26
                                                    Originally posted by Nathan
                                                    Just because NATS is so nice and actually produces intelligent error displays for the client does not mean it's a damn NATS problem or exploit!
                                                    http://affiliates.panchodog.com/signup.php?nats=
                                                    NATS has found a problem

                                                    DB Error: Can't open file: 'accounts.MYI'. (errno: 145)

                                                    /usr/home/natsinstall/nats/includes/database.php:430
                                                    I wouldn't consider this an intelligent error
                                                    1337 5y54|)m1n: 157717888
                                                    BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                    Cambooth


                                                    • Nathan
                                                      Confirmed User
                                                      • Jul 2003
                                                      • 3108

                                                      #27
                                                      Originally posted by darksoul
                                                      http://affiliates.panchodog.com/signup.php?nats=


                                                      I wouldn't consider this an intelligent error

                                                      Lol.. ok, if ya say so...

                                                      What would be intelligent?

                                                      "Sorry, but there is a problem, please come back later."???

                                                      So the client has to sit there and figure out for hours what the issue actually is?

                                                      The page tells you EXACTLY what the problem is, that's the whole point of an error. Just because YOU do not understand it does not mean it's not a correct error.
                                                      "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                      - Charlie Munger


                                                      • darksoul
                                                        Confirmed User
                                                        • Apr 2002
                                                        • 4997

                                                        #28
                                                        Originally posted by Nathan
                                                        Lol.. ok, if ya say so...

                                                        What would be intelligent?

                                                        "Sorry, but there is a problem, please come back later."???

                                                        So the client has to sit there and figure out for hours what the issue actually is?

                                                        The page tells you EXACTLY what the problem is, that's the whole point of an error. Just because YOU do not understand it does not mean it's not a correct error.

                                                        haha
                                                        listen, now you got me mad,
                                                        you're a fucking idiot, I know better than you what that means
                                                        You shouldn't disclose information to the public, moron
                                                        A message like
                                                        "A mysql error was found" would've been more intelligent
                                                        than telling all the world where nats is installed so it can be abused
                                                        when a bug is found.

                                                        That shit is called "path disclosure" look it up genius.

                                                        Also, you don't have to display errors on the site for YOUR customer to
                                                        see it. Those can be logged separately.
                                                        1337 5y54|)m1n: 157717888
                                                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                        Cambooth


                                                        • darksoul
                                                          Confirmed User
                                                          • Apr 2002
                                                          • 4997

                                                          #29
                                                          Your error just told me:
                                                          the panchodog server is running freebsd
                                                          there's a table called accounts in nats
                                                          nats is installed in /usr/home/natsinstall
                                                          panchodog is running version 3.0.29
                                                          3. nats_error_handler(256, DB Error: Can't open file: 'accounts.MYI'. (errno: 145), /usr/home/natsinstall/nats/includes/database.php, 430, Array) in :
                                                          2. trigger_error(DB Error: Can't open file: 'accounts.MYI'. (errno: 145), 256) in /usr/home/natsinstall/nats/includes/database.php:430
                                                          1. nats_db_fetch_assoc() in /usr/home/natsinstall/nats/www/signup.php:45
                                                          - these appear to be wrappers around PEAR functions.

                                                          DO YOU REALLY NEED TO GIVE THAT INFO TO THE PUBLIC
                                                          YOU are so fucking intelligent and so are your errors
                                                          1337 5y54|)m1n: 157717888
                                                          BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                          Cambooth
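
The alternative raised in post #28 (show the visitor a short message, keep the detail in a log) can still give the operator something to act on. The following is an added example, not part of the thread and not NATS code; the function names, log location and message wording are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical log location. In production it belongs outside the web root
// and must not be readable by other users; the temp dir is only a demo default.
define('ERROR_LOG_FILE', getenv('APP_ERROR_LOG') ?: sys_get_temp_dir() . '/app-errors.log');

/**
 * Build both views of one failure: the full record for the private log and
 * the sanitized text for the browser, tied together by a random reference ID.
 */
function build_error_report(int $errno, string $errstr, string $errfile, int $errline, array $trace): array
{
    $ref = bin2hex(random_bytes(6));

    $frames = [];
    foreach ($trace as $i => $f) {
        $frames[] = sprintf('#%d %s() in %s:%s', $i, $f['function'] ?? '?', $f['file'] ?? '?', $f['line'] ?? '?');
    }

    // Everything the thread's error page exposed goes here instead:
    // message, file, line and call chain.
    $private = sprintf(
        "[%s] ref=%s errno=%d %s at %s:%d\n  %s\n",
        gmdate('c'), $ref, $errno, $errstr, $errfile, $errline, implode("\n  ", $frames)
    );

    // The public text deliberately omits $errstr: the raw message can carry
    // table names, file names and OS error codes.
    $public = "A database error occurred. Please quote reference $ref to support.";

    return ['ref' => $ref, 'private' => $private, 'public' => $public];
}

function safe_error_handler(int $errno, string $errstr, string $errfile = '', int $errline = 0): bool
{
    $trace  = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); // no argument values in the log
    $report = build_error_report($errno, $errstr, $errfile, $errline, $trace);
    error_log($report['private'], 3, ERROR_LOG_FILE);       // type 3 = append to file

    if ($errno !== E_USER_ERROR) {
        return true; // non-fatal levels: logged only, nothing shown to the visitor
    }

    if (!headers_sent()) {
        http_response_code(500);
    }
    echo htmlspecialchars($report['public'], ENT_QUOTES, 'UTF-8'), "\n";
    exit(1);
}

ini_set('display_errors', '0'); // PHP's own messages also stay out of the response
set_error_handler('safe_error_handler');

// Constructed failure modelled on the message quoted in the thread.
trigger_error("DB Error: Can't open file: 'accounts.MYI'. (errno: 145)", E_USER_ERROR);
```

The operator greps the log for the reference a visitor or client reports, so the backtrace remains available without being served to every anonymous request.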


                                                          • darksoul
                                                            Confirmed User
                                                            • Apr 2002
                                                            • 4997

                                                            #30
                                                            I advise you to not fucking reply to this thread anymore!
                                                            1337 5y54|)m1n: 157717888
                                                            BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                            Cambooth


                                                            • Nathan
                                                              Confirmed User
                                                              • Jul 2003
                                                              • 3108

                                                              #31
                                                              Sorry I made you mad, lol...

                                                              opinions, opinions.. everyone and their mother has one...

                                                              We create the errors in this way so the clients notice them, we know our clients... The location disclosure of NATS itself is also no problem because in now-a-days exploits the path can be retrieved anyway, it's not so hard ya know, people that use exploits will find it fast anyway (in case they even NEED it, which is not even the case)... There is a reason why not even Apache has a problem with disclosing full paths to websites, nor does PHP on standard PHP errors...

                                                              We tried many different error displays in the past, we also had it turned off totally for some time and only did logging, we had too many clients get problems because of it and this way simply fixes things faster (98% of the time)...

                                                              The errors do not disclose information that could not be retrieved in many other ways if you want to exploit someone...
                                                              "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                              - Charlie Munger


                                                              • Nathan
                                                                Confirmed User
                                                                • Jul 2003
                                                                • 3108

                                                                #32
                                                                Originally posted by darksoul
                                                                I advise you to not fucking reply to this thread anymore!
                                                                LOL... you threatening me somehow or what? Chill man, it's just an error.. and we have reasons for a backtrace, I'm so sorry that you disagree with how we do things.... live with it...
                                                                "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                - Charlie Munger


                                                                • jimthefiend
                                                                  So Fucking Banned
                                                                  • Oct 2003
                                                                  • 18889

                                                                  #33
                                                                  Originally posted by darksoul
                                                                  Your error just told me:
                                                                  the panchodog server is running freebsd
                                                                  there's a table called accounts in nats
                                                                  nats is installed in /usr/home/natsinstall
                                                                  panchodog is running version 3.0.29
                                                                  3. nats_error_handler(256, DB Error: Can't open file: 'accounts.MYI'. (errno: 145), /usr/home/natsinstall/nats/includes/database.php, 430, Array) in :
                                                                  2. trigger_error(DB Error: Can't open file: 'accounts.MYI'. (errno: 145), 256) in /usr/home/natsinstall/nats/includes/database.php:430
                                                                  1. nats_db_fetch_assoc() in /usr/home/natsinstall/nats/www/signup.php:45



                                                                  Dude, that's not exactly difficult to figure out, even without an error message.


                                                                  • darksoul
                                                                    Confirmed User
                                                                    • Apr 2002
                                                                    • 4997

                                                                    #34
                                                                    I see you ignored my advice.


                                                                    Originally posted by Nathan
                                                                    We create the errors in this way so the clients notice them, we know our clients...
                                                                    You just called your clients idiots, good job! You probably know that for a fact cause they chose you!




                                                                    The location disclosure of NATS itself is also no problem because in now-a-days exploits the path can be retrieved anyway, it's not so hard ya know, people that use exploits will find it fast anyway (in case they even NEED it, which is not even the case)... There is a reason why not even Apache has a problem with disclosing full paths to websites, nor does PHP on standard PHP errors...

                                                                    We tried many different error displays in the past, we also had it turned off totally for some time and only did logging, we had too many clients get problems because of it and this way simply fixes things faster (98% of the time)...

                                                                    The errors do not disclose information that could not be retrieved in many other ways if you want to exploit someone...
                                                                    dude, look at all the data I fetched from a simple error
                                                                    I don't want to think how much shit can be fetched from your script.

                                                                    You are supposed to take security seriously and not this fuck it attitude.
                                                                    Just because it can happen in other ways doesn't mean your script has
                                                                    to allow it.
                                                                    1337 5y54|)m1n: 157717888
                                                                    BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                    Cambooth


                                                                    • darksoul
                                                                      Confirmed User
                                                                      • Apr 2002
                                                                      • 4997

                                                                      #35
                                                                      Originally posted by jimthefiend
                                                                      Dude, that's not exactly difficult to figure out, even without an error message.
                                                                      and you'd know how ?
                                                                      I'll give you one day to show me that data without using nats.
                                                                      if not you'll have to build 100 galleries for epictrash
                                                                      1337 5y54|)m1n: 157717888
                                                                      BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                      Cambooth


                                                                      • darksoul
                                                                        Confirmed User
                                                                        • Apr 2002
                                                                        • 4997

                                                                        #36
                                                                        Originally posted by Nathan
                                                                        LOL... you threatening me somehow or what? Chill man, it's just an error.. and we have reasons for a backtrace, I'm so sorry that you disagree with how we do things.... live with it...
                                                                        the advice was so that you don't get me even more mad and show more about what pos your script is.
                                                                        1337 5y54|)m1n: 157717888
                                                                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                        Cambooth


                                                                        • Nathan
                                                                          Confirmed User
                                                                          • Jul 2003
                                                                          • 3108

                                                                          #37
                                                                          I did not call our clients idiots, far from it.. all I said is that we know our clients well, and we know what they want and ask from us ;)

                                                                          The errors are created like this for a reason, I told you that plenty of times, if you do not understand or agree, that's not my problem, it's yours...

                                                                          The information disclosed in no way is a problem, it only helps us and the client, and that's what it is there for...

                                                                          BTW, I just looked at axscripts.com, a friendly advice... you might want to reconsider posting here...
                                                                          "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                          - Charlie Munger


                                                                          • Nathan
                                                                            Confirmed User
                                                                            • Jul 2003
                                                                            • 3108

                                                                            #38
                                                                            Originally posted by darksoul
                                                                            the advice was so that you don't get me even more mad and show more about what pos your script is.

                                                                            Again, sorry that I made you mad... kinda sad how easy it is to get you mad though...

                                                                            And hey, if you know of bugs in NATS (guessing that is what you mean by "what pos your script is"), please do tell! I'd love to know them so we can fix them (in case we have not already in our latest version)
                                                                            "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                            - Charlie Munger

                                                                            Comment

                                                                            • jimthefiend
                                                                              So Fucking Banned
                                                                              • Oct 2003
                                                                              • 18889

                                                                              #39
                                                                              Originally posted by darksoul
                                                                              and you'd know how ?
                                                                              I'll give you one day to show me that data without using nats.
                                                                              if not you'll have to build 100 galleries for epictrash

                                                                              Because I have a working knowledge of php and sql. Considering what you do, I'm shocked as hell you're making such a big deal out of this. Every fucking script I know of displays at least SOME path info in error messages when there are DB issues. There are also 50 million ways to find that info out even without an error.

                                                                              Your motivations in this are more than a little suspect.

                                                                              You don't dictate ANYTHING to me, btw.

                                                                              Comment

                                                                              • MaddCaz
                                                                                Confirmed User
                                                                                • Mar 2006
                                                                                • 9483

                                                                                #40
                                                                                random bump


                                                                                Comment

                                                                                • jimthefiend
                                                                                  So Fucking Banned
                                                                                  • Oct 2003
                                                                                  • 18889

                                                                                  #41
                                                                                  PS, on that lame little support forum for that shitty little trade script you have, there are several posts discussing errors of a similar nature, AND displaying similar information. IE. paths, etc.



                                                                                  Does that mean that POS you spam has an exploit?

                                                                                  LMA0

                                                                                  Comment

                                                                                  • darksoul
                                                                                    Confirmed User
                                                                                    • Apr 2002
                                                                                    • 4997

                                                                                    #42
                                                                                    Originally posted by Nathan
                                                                                    Again, sorry that I made you mad... kinda sad how easy it is to get you mad though...

                                                                                    Fact is I prepared a bunch of servers for nats and I know how clueless you are
                                                                                    about servers and when you tell me I don't understand a mysql error yea it gets me mad

                                                                                    (in case we have not already in our latest version)

                                                                                    you are so cocky!
                                                                                    but thanks, I've wasted enough time on it.
                                                                                    1337 5y54|)m1n: 157717888
                                                                                    BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                                    Cambooth

                                                                                    Comment

                                                                                    • darksoul
                                                                                      Confirmed User
                                                                                      • Apr 2002
                                                                                      • 4997

                                                                                      #43
                                                                                      Originally posted by jimthefiend
                                                                                      Because I have a working knowledge of php and sql. Considering what you do, I'm shocked as hell you're making such a big deal out of this. Every fucking script I know of displays at least SOME path info in error messages when there are DB issues. There are also 50 million ways to find that info out even without an error.

                                                                                      Your motivations in this are more than a little suspect.

                                                                                      You don't dictate ANYTHING to me, btw.

                                                                                      Dude! I didn't say no script has them.
                                                                                      It just gives too much information and I don't call that an "intelligent error"
                                                                                      1337 5y54|)m1n: 157717888
                                                                                      BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                                      Cambooth

                                                                                      Comment

                                                                                      • darksoul
                                                                                        Confirmed User
                                                                                        • Apr 2002
                                                                                        • 4997

                                                                                        #44
                                                                                        Originally posted by jimthefiend
                                                                                        PS, on that lame little support forum for that shitty little trade script you have, there are several posts discussing errors of a similar nature, AND displaying similar information. IE. paths, etc.



                                                                                        Does that mean that POS you spam has an exploit?

                                                                                        LMA0

                                                                                        yup, it has a shit load of bugs.
                                                                                        I coded it in two hours but it won't give away any substantial info if let's say it would be hacked.
                                                                                        Can nats say the same if someone hacks them?
                                                                                        Last edited by darksoul; 07-08-2006, 05:40 AM.
                                                                                        1337 5y54|)m1n: 157717888
                                                                                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                                        Cambooth

                                                                                        Comment

                                                                                        • Nathan
                                                                                          Confirmed User
                                                                                          • Jul 2003
                                                                                          • 3108

                                                                                          #45
                                                                                          Originally posted by darksoul
                                                                                          Fact is I prepared a bunch of servers for nats and I know how clueless you are
                                                                                          about servers and when you tell me I don't understand a mysql error yea it gets me mad



                                                                                          you are so cocky!
                                                                                          but thanks, I've wasted enough time on it.

                                                                                          LOL, you are funny... I'm curious how _I_ am "clueless" about servers.. not sure how you base this on the fact that you prepared servers for nats before, but that's ok... I'd like to know what you think makes us (as in Too Much Media, yes, this is not a one-man-show, we actually have an office and employees and such) "clueless" about servers... I'm seriously interested in that btw, I like to learn...

                                                                                          and I'm not cocky, I'm just good at what I do.. well.. and I'm German, so my English might not be perfect...
                                                                                          "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                                          - Charlie Munger

                                                                                          Comment

                                                                                          • jimthefiend
                                                                                            So Fucking Banned
                                                                                            • Oct 2003
                                                                                            • 18889

                                                                                            #46
                                                                                            Originally posted by darksoul
                                                                                            Dude! I didn't say no script has them.
                                                                                            It just gives too much information and I don't call that an "intelligent error"

                                                                                            Dude, seriously. How is it NOT intelligent?



                                                                                            NATS has found a problem

                                                                                            DB Error: Can't open file: 'accounts.MYI'. (errno: 145)

                                                                                            /usr/home/natsinstall/nats/includes/database.php:430



                                                                                            That gives you the db name, error code, file that's making the call and on what LINE of code the call is being made from.


                                                                                            I just don't get you. lol

                                                                                            I don't see how that could be more clear.

                                                                                            Comment
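The error page quoted in post #46 above, taken as input for an added example (not part of the thread and not NATS code): the Python sketch below lists which internal details that page exposes and shows one way to keep the same detail for support staff in a server-side log record while the visitor sees only a reference ID. The pattern names, the wording of the public message and the `split_error` helper are assumptions made for illustration.

```python
import re
import secrets

# Error page text as quoted in post #46 of the thread.
SAMPLE_ERROR = (
    "NATS has found a problem\n"
    "DB Error: Can't open file: 'accounts.MYI'. (errno: 145)\n"
    "/usr/home/natsinstall/nats/includes/database.php:430"
)

# Each pattern names one kind of internal detail an error page can expose.
# The whole match is the leaked value, so no capture groups are needed.
DISCLOSURE_PATTERNS = {
    # MyISAM table files: index (.MYI), data (.MYD), definition (.frm)
    "storage_file": re.compile(r"[\w.-]+\.(?:MYI|MYD|frm)\b"),
    # Storage-engine error number reported by the database
    "db_errno": re.compile(r"errno:\s*\d+"),
    # Absolute script path plus the line that raised the error
    "source_location": re.compile(r"/[\w./-]+\.php:\d+"),
    # Account name embedded in a home-directory path
    "home_account": re.compile(r"(?<=/home/)[\w-]+"),
}


def find_disclosures(body):
    """Return {kind: [leaked values]} for every internal detail in body."""
    found = {}
    for kind, pattern in DISCLOSURE_PATTERNS.items():
        hits = [m.group(0) for m in pattern.finditer(body)]
        if hits:
            found[kind] = hits
    return found


def split_error(raw):
    """Split a raw error into (public_message, log_record).

    The visitor gets a generic message and a random reference; the full
    text stays in the log record, keyed by that reference, so support can
    still look up the table, errno, file and line from a client report.
    """
    ref = secrets.token_hex(4)  # random, so it reveals nothing about raw
    public = (
        "NATS has found a problem. "
        f"Please contact support and quote reference {ref}."
    )
    log_record = {
        "ref": ref,
        "detail": raw,
        "disclosures": find_disclosures(raw),
    }
    return public, log_record


if __name__ == "__main__":
    for kind, values in find_disclosures(SAMPLE_ERROR).items():
        print(f"{kind}: {values}")
    public, record = split_error(SAMPLE_ERROR)
    print(public)
    print("leaks in public message:", find_disclosures(public))
    print("log record ref:", record["ref"])
```

Running `find_disclosures` over captured response bodies from your own staging or production site gives a quick check that no page still returns the raw form.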

                                                                                            • Nathan
                                                                                              Confirmed User
                                                                                              • Jul 2003
                                                                                              • 3108

                                                                                              #47
                                                                                              Originally posted by darksoul
                                                                                              yup, it has a shit load of bugs.
                                                                                              I coded it in two hours but it won't give away any substantial info if let's say it would be hacked.
                                                                                              Can nats say the same if someone hacks them?

                                                                                              Dude, you give away quite a bit of substantial info, it's called SOURCE CODE and it's available for the whole damn script of yours...
                                                                                              "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                                              - Charlie Munger

                                                                                              Comment

                                                                                              • darksoul
                                                                                                Confirmed User
                                                                                                • Apr 2002
                                                                                                • 4997

                                                                                                #48
                                                                                                Originally posted by Nathan
                                                                                                LOL, you are funny... I'm curious how _I_ am "clueless" about servers.. not sure how you base this on the fact that you prepared servers for nats before, but that's ok... I'd like to know what you think makes us (as in Too Much Media, yes, this is not a one-man-show, we actually have an office and employees and such) "clueless" about servers... I'm seriously interested in that btw, I like to learn...

                                                                                                and I'm not cocky, I'm just good at what I do.. well.. and I'm German, so my English might not be perfect...

                                                                                                If you are so good at what you do, do you know how the "least privileges" principle
                                                                                                works?
                                                                                                And if yes, why don't you apply it?
                                                                                                Why does nats give access to the entire database to the user that's supposed
                                                                                                to fetch only user and passwords?

                                                                                                (and I have nothing with too much media, this is between you and me cause you started the shit not your company)
                                                                                                1337 5y54|)m1n: 157717888
                                                                                                BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                                                Cambooth

                                                                                                Comment

                                                                                                • darksoul
                                                                                                  Confirmed User
                                                                                                  • Apr 2002
                                                                                                  • 4997

                                                                                                  #49
                                                                                                  Originally posted by Nathan
                                                                                                  Dude, you give away quite a bit of substantial info, it's called SOURCE CODE and it's available for the whole damn script of yours...

                                                                                                  it's called open source, lol
                                                                                                  I don't need to hide my code behind encoders
                                                                                                  1337 5y54|)m1n: 157717888
                                                                                                  BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                                                                  Cambooth

                                                                                                  Comment

                                                                                                  • Nathan
                                                                                                    Confirmed User
                                                                                                    • Jul 2003
                                                                                                    • 3108

                                                                                                    #50
                                                                                                    Originally posted by darksoul
                                                                                                    If you are so good at what you do, do you know how the "least privileges" principle
                                                                                                    works?
                                                                                                    And if yes, why don't you apply it?
                                                                                                    Why does nats give access to the entire database to the user that's supposed
                                                                                                    to fetch only user and passwords?

                                                                                                    (and I have nothing with too much media, this is between you and me cause you started the shit not your company)

                                                                                                    Yeah, I do.. emm.. and we do not dictate what our clients use in terms of database privileges.. btw, if you think "least privileges" principle is so great, WHY THE FUCK do you tell your axscripts clients to set fucking templates and templates_c to mode 777?!? how is that LEAST PRIVILEGES?!

                                                                                                    Seriously, people in a glass house should not throw with stones, you are looking stupid here.

                                                                                                    Also, NATS has no single user that only fetches user and password... if you mean SPARTA setups with NATS, we actually tell our clients specifically which tables we need select and which we need update/insert privileges on...
                                                                                                    "Think about it a little more and you'll agree with me, because you're smart and I'm right."
                                                                                                    - Charlie Munger

                                                                                                    Comment
