Archive of May 2007

Monday, May 28, 2007

Erie Canal Floodgate

May 28, 2007 @ 06:59 pm | Category:

Sailing Past a Tree

May 28, 2007 @ 06:54 pm | Category:

Blue Sail in the Sun

May 28, 2007 @ 06:49 pm | Category:
Tuesday, May 22, 2007

Samuel Adams Old Fezziwig Ale

May 22, 2007 @ 12:45 pm | Category:
Friday, May 11, 2007

Goose Island Oatmeal Stout

May 11, 2007 @ 12:28 pm | Category:
Wednesday, May 09, 2007

Chainsaw Suicide

This is kind of sad, but exactly how does one arrive at the conclusion to chop off your head with a chainsaw?  One more down, many more to go.
May 9, 2007 @ 04:24 pm | Category:
Saturday, May 05, 2007

PolarBlog Potential Path Disclosure

Yesterday a friend at work found that he could force a path disclosure leak on some sites running PolarBlog (and, I would think, many other applications too). This does not pose a danger to your PolarBlog installation, but it can provide information which might be helpful if someone were to find a way into your site via a different application.

The quickest and easiest way to prevent this from occurring is to stop PHP from displaying errors to the screen and save them to a log file instead. This is a very good standard security practice that I've followed for a very long time, and you should too.

If you are running your own server and have access to your php.ini file, you likely either are already doing this or should easily be able to make the appropriate changes there. But most people run in a shared hosting environment and will need to do this via a .htaccess file. Information on how to do this has long been in the PolarBlog documentation. It is highly recommended that you read and implement the changes in the .htaccess File section of the PolarBlog Documentation. This will prevent PHP errors from being displayed on your site when errors occur in any of your PHP applications. Again, this is a highly recommended security practice that will prevent all of your PHP applications from leaking potentially exploitable information to those who may wish you ill.
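
As an added illustration (not taken from the PolarBlog documentation), a .htaccess fragment that turns off on-screen errors and logs them instead might look like the following. The log path is a placeholder assumption; point it at a location outside your document root.

```apache
# Added example for a host where PHP runs as an Apache module (mod_php).
# Constructed for illustration; not the PolarBlog project's own file.

# Weak setting: errors are rendered into the page, exposing filesystem paths.
# php_flag display_errors on

# Hardened: never render PHP errors into responses...
php_flag display_errors off
php_flag display_startup_errors off
php_flag html_errors off

# ...but keep them for the site owner to review.
php_flag log_errors on
# Placeholder path (assumption): keep the log outside the web root so it
# cannot be fetched over HTTP.
php_value error_log /home/example/logs/php_errors.log

# php.ini equivalents for those running their own server:
#   display_errors = Off
#   display_startup_errors = Off
#   html_errors = Off
#   log_errors = On
#   error_log = /home/example/logs/php_errors.log
```

The `php_flag` and `php_value` directives are only recognized when PHP is loaded as an Apache module; on CGI or FastCGI hosts they cause a server error, and the same settings belong in php.ini or a per-directory `.user.ini` instead.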

I will release an update soon that will prevent this information leak, although I consider this to be a minor security issue, at least for PolarBlog. But since this information could be leveraged to help attack your system, I will be closing this disclosure bug.
May 5, 2007 @ 08:00 am | Category:

Samuel Adams Cranberry Lambic

May 5, 2007 @ 07:18 am | Category: