| *** Quits: tavasti (~tavasti@217.152.202.220) (Ping timeout: 272 seconds) | 00:30 | |
| *** Quits: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) (Ping timeout: 240 seconds) | 01:12 | |
| *** Joins: kirillka (~Miranda@195.242.142.17) | 01:12 | |
| *** Joins: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) | 01:20 | |
| *** Quits: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) (Read error: Operation timed out) | 01:32 | |
| *** Joins: davidinc (~davidinc@213.55.100.134) | 01:33 | |
| *** Joins: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) | 01:40 | |
| *** Quits: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) (Ping timeout: 252 seconds) | 01:47 | |
| *** Joins: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) | 01:50 | |
| *** Quits: djSupport (~djsupport@188-221-240-190.zone12.bethere.co.uk) (Read error: Connection reset by peer) | 01:58 | |
| *** Quits: daryn (~daryn@h140.214.31.71.dynamic.ip.windstream.net) (Ping timeout: 265 seconds) | 02:11 | |
| *** Joins: daryn (~daryn@h161.145.16.98.dynamic.ip.windstream.net) | 02:24 | |
| *** Joins: Cupertino (~Cupez@62-177-158-122.dsl.bbeyond.nl) | 02:27 | |
| *** Quits: Cupertino (~Cupez@62-177-158-122.dsl.bbeyond.nl) (Changing host) | 02:27 | |
| *** Joins: Cupertino (~Cupez@unaffiliated/cupertino) | 02:27 | |
| *** Quits: daryn (~daryn@h161.145.16.98.dynamic.ip.windstream.net) (Ping timeout: 265 seconds) | 02:29 | |
| *** Joins: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) | 03:05 | |
| *** Joins: Al_Chapone (~chatzilla@ATuileries-152-1-68-250.w83-202.abo.wanadoo.fr) | 03:19 | |
| *** Quits: Al_Chapone (~chatzilla@ATuileries-152-1-68-250.w83-202.abo.wanadoo.fr) (*.net *.split) | 03:56 | |
| *** Quits: xenofiend (~xenofiend@adsl-065-013-224-006.sip.tys.bellsouth.net) (*.net *.split) | 04:06 | |
| *** Quits: Ragnor (~Ragnor@dslb-092-072-246-212.pools.arcor-ip.net) (*.net *.split) | 04:06 | |
| *** Quits: pferate (~pferate@173-10-116-125-BusName-Washington.hfc.comcastbusiness.net) (*.net *.split) | 04:06 | |
| *** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (*.net *.split) | 04:07 | |
| *** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (*.net *.split) | 04:07 | |
| *** Quits: markw (~markw@mail.wolfenet.org) (*.net *.split) | 04:07 | |
| *** Quits: skayser (~ska@vserver01.sebastiankayser.de) (*.net *.split) | 04:07 | |
| *** Quits: dhx1 (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) (*.net *.split) | 04:07 | |
| *** Quits: hardyNH (~hardyNH@2002:1880:11a2:0:225:4bff:fe8d:1e6) (*.net *.split) | 04:07 | |
| *** Quits: giallu (~giallu@fedora/giallu) (*.net *.split) | 04:07 | |
| *** Quits: mellen (~thansen@x1-6-00-22-02-00-0c-40.k253.webspeed.dk) (*.net *.split) | 04:07 | |
| *** Joins: mellen (~thansen@x1-6-00-22-02-00-0c-40.k253.webspeed.dk) | 04:59 | |
| *** Joins: skayser (~ska@vserver01.sebastiankayser.de) | 04:59 | |
| *** Joins: pferate (~pferate@173-10-116-125-BusName-Washington.hfc.comcastbusiness.net) | 04:59 | |
| *** Joins: Ragnor (~Ragnor@dslb-092-072-246-212.pools.arcor-ip.net) | 04:59 | |
| *** Joins: markw (~markw@mail.wolfenet.org) | 04:59 | |
| *** Joins: hardyNH (~hardyNH@2002:1880:11a2:0:225:4bff:fe8d:1e6) | 04:59 | |
| *** Joins: giallu (~giallu@fedora/giallu) | 04:59 | |
| *** Joins: xenofiend (~xenofiend@adsl-065-013-224-006.sip.tys.bellsouth.net) | 04:59 | |
| *** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 04:59 | |
| *** Joins: dhx1 (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) | 04:59 | |
| *** Joins: Cupertino (~Cupez@unaffiliated/cupertino) | 04:59 | |
| *** Joins: moto-moi (~hylke@cara.xs4all.nl) | 04:59 | |
| *** Quits: davidinc (~davidinc@213.55.100.134) (Ping timeout: 240 seconds) | 05:03 | |
| *** Joins: davidinc (~davidinc@213.55.100.134) | 07:11 | |
| *** Quits: dhx1 (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) (Remote host closed the connection) | 07:27 | |
| *** Joins: dhx1 (~anonymous@c122-107-170-247.eburwd5.vic.optusnet.com.au) | 07:30 | |
| micahg | nuclear_eclipse: silc-client should be built in -proposed nwo | 08:31 |
|---|---|---|
| micahg | *now | 08:31 |
| nuclear_eclipse | micahg: yeah, I saw the email, gonna download the package and test it out shourtly | 08:57 |
| nuclear_eclipse | thanks for kickstarting that btw | 08:57 |
| micahg | nuclear_eclipse: np, anytime | 08:58 |
| nuclear_eclipse | micahg: it works! :P | 09:10 |
| *** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 240 seconds) | 09:15 | |
| *** Joins: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) | 09:22 | |
| *** Quits: davidinc (~davidinc@213.55.100.134) (Ping timeout: 252 seconds) | 10:01 | |
| *** Quits: kirillka (~Miranda@195.242.142.17) (Quit: kirillka) | 10:02 | |
| xenofiend | nuclear_eclipse: I'm still trying to get curl to trigger "import latest data" Shouldn't I be able to hit the url from a regular browser and trigger the import? | 10:05 |
| nuclear_eclipse | xenofiend: I should think so | 10:06 |
| nuclear_eclipse | if you manually click the button from the repo manage page, does it work from there? | 10:06 |
| nuclear_eclipse | also, is there a proxy server in between the two servers by any chance | 10:07 |
| xenofiend | no, it goes to a confirmation screen with another import latest data button. | 10:07 |
| nuclear_eclipse | well, right, but once you click there, does it work? | 10:08 |
| xenofiend | yep | 10:08 |
| xenofiend | the confirmation screen has the curl url (ending in: /plugin.php?page=Source/repo_import_latest&id=14) | 10:10 |
| xenofiend | but if I paste that url in the address bar I get the "Invalid security token" error. | 10:10 |
| xenofiend | I don't even get to the confirmation screen. | 10:11 |
| xenofiend | It's like it has to be a two step process. | 10:11 |
| nuclear_eclipse | xenofiend: I think that's because you're logged in, so it's expecting you to have gotten there from the previous page | 10:11 |
| nuclear_eclipse | I think my suggestion at the moment is to create/enable anonymous access account, even if it has zero access to anything, and see if things work that way | 10:12 |
| xenofiend | I did try creating an anonymous user, and tried to hit the page with the same URL and it still gives the error. | 10:31 |
| xenofiend | Are you using the curl method on your mantis? | 10:31 |
| nuclear_eclipse | yep | 10:31 |
| nuclear_eclipse | I'm actually using it in two separate 1.2.3 installs | 10:32 |
| nuclear_eclipse | xenofiend: ok, so what version of mantis and source integration are you using? | 10:32 |
| xenofiend | Mantis 1.2.3 and SCEP 0.16.2 | 10:33 |
| xenofiend | SCIP | 10:34 |
| dhx1 | xenofiend: you shouldn't be able to directly navigate towards any URL that performs an action/modification | 10:35 |
| dhx1 | xenofiend: if you could do that, other sites could load those URLs in an iframe/popup/link and force you to make modifications you are unaware of (see CSRF) | 10:36 |
| nuclear_eclipse | xenofiend: have you tried the actual curl script from the whitelisted IP when anonymous access was enabled? | 10:36 |
| dhx1 | nuclear_eclipse: the problem is that he needs a valid CSRF token (from the previous page) to submit the action | 10:37 |
| nuclear_eclipse | dhx1: yes and no | 10:37 |
| dhx1 | the solution is to probably copy the script and remove the CSRF check, and replace it with an authentication token? | 10:38 |
| nuclear_eclipse | the import pages of the source integration plugins will only require a CSRF token if the request comes from an IP that isn't whitelisted in the source integration config | 10:38 |
| dhx1 | ie. a separate script that has a secret code to use (that other websites wouldn't know) | 10:38 |
| dhx1 | yep | 10:38 |
| nuclear_eclipse | dhx1: that's not the solution :P | 10:38 |
| dhx1 | or you could integrate IP whitelisting or a secret nonce inside the script, as you say | 10:39 |
| nuclear_eclipse | the solution is the whitelist should disabled the need for the token altogether, because "secret" tokens can either be sniffed or replicated elsewhere | 10:39 |
| dhx1 | we aren't concerned about protecting against MITM attacks (that is what TLS solves) | 10:40 |
| nuclear_eclipse | dhx1: I'm not talking about MITM | 10:40 |
| dhx1 | MITM/sniffing/same thing :) | 10:41 |
| nuclear_eclipse | not really | 10:41 |
| dhx1 | well you've got replay attacks in there too | 10:41 |
| dhx1 | also solved via TLS | 10:41 |
| nuclear_eclipse | I'm thinking more along the lines of other users on the same box for things like shared hosting and such... | 10:42 |
| dhx1 | they shouldn't have access to capture network traffic though | 10:42 |
| dhx1 | or to read the configuration files containing any keys (whether it be RSS feed keys, import keys, etc) | 10:43 |
| nuclear_eclipse | you're missing my point | 10:43 |
| nuclear_eclipse | I'm not talking about network traffic | 10:43 |
| nuclear_eclipse | anyways, it's not a big deal | 10:44 |
| nuclear_eclipse | IP whitelisting is better IMO because it means less that you need to configure for each individual repository | 10:44 |
| dhx1 | yep | 10:45 |
| dhx1 | but I'm not so sure about your shared hosting comment supporting the whitelist approach :) | 10:45 |
| nuclear_eclipse | ie, for each repository I have on Github, I don't have to set up a "secret" key, I just whitelist the Github IP block and that's it | 10:45 |
| dhx1 | yep | 10:45 |
| dhx1 | but if the repository was on a host that shared an IP address with other users, you'd need to pass a key via GET/POST parameters to the script (not COOKIE) | 10:46 |
| dhx1 | to avoid unwanted users on the same IP being able to access the import script | 10:46 |
| dhx1 | CSRF is really only concerned with cookies being sent automatically (other sites can tell your browser to load an action page, and your browser will happily provide the authentication to do that action) | 10:48 |
| nuclear_eclipse | anyways | 10:48 |
| nuclear_eclipse | xenofiend: did you see my last suggestion? | 10:48 |
| dhx1 | yeah I've gtg, cya :) | 10:49 |
| *** Joins: tavasti (~tavasti@ov1.tavasti.fi) | 10:52 | |
| *** Quits: Cupertino (~Cupez@unaffiliated/cupertino) (Quit: I give up...) | 10:55 | |
| xenofiend | What user access level is required to activate the import script. | 11:01 |
| nuclear_eclipse | from a whitelisted IP, none, otherwise, they need whatever access level is required to manage a repo | 11:02 |
| nuclear_eclipse | lunchtime, bbiba | 11:02 |
| nuclear_eclipse | bbiab* | 11:02 |
| xenofiend | I'm still getting the invalid token. Mantis wants the user to go through the 2 page process. There doesn't appear to be a way to trigger the import latest script automatically. | 11:26 |
| *** Quits: Rixie (~Rixie@0x4dd7390e.adsl.cybercity.dk) (Quit: Rixie) | 11:52 | |
| nuclear_eclipse | =\ | 12:03 |
| nuclear_eclipse | it's got to be possible because I use it on multiple different installations... =\ | 12:04 |
| nuclear_eclipse | xenofiend: try setting $g_form_security_validation = OFF and see if it works that way -- it's not a good idea to keep that turned on, but if it works without it turned on... | 12:05 |
| xenofiend | OK I'll try that | 12:06 |
| nuclear_eclipse | ah ha! | 12:12 |
| nuclear_eclipse | I know why | 12:12 |
| nuclear_eclipse | I just now remembered that I had recently split repo_import_latest into two separate pages, repo_import_latest is only to be used for user actions, and just 'import' is for automated actions from a whitelist | 12:13 |
| nuclear_eclipse | this is what happens when I stop working on a piece of software for a few months, I forget what I've done and why :P | 12:14 |
| xenofiend | so the url should be: Source/import.php&id=XX | 12:14 |
| nuclear_eclipse | Source/import&id=XX | 12:14 |
| xenofiend | oh that worked! | 12:15 |
| nuclear_eclipse | sorry about that | 12:15 |
| nuclear_eclipse | I wish I would have thought about that yesterday or this morning instead of dragging you on a wild goose chase | 12:16 |
| xenofiend | NP, you were easy to find here. Thank you again for writing the plugin. I'll try and get my boss to make a donation or something. | 12:17 |
| nuclear_eclipse | you're welcome, glad to be helpful :) | 12:18 |
| *** Parts: xenofiend (~xenofiend@adsl-065-013-224-006.sip.tys.bellsouth.net) | 12:40 | |
| *** Joins: micahg (~micah@ubuntu/member/micahg) | 14:15 | |
| *** Quits: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) (Quit: Ex-Chat) | 14:53 | |
| *** Joins: djSupport (~djsupport@188-221-240-190.zone12.bethere.co.uk) | 15:06 | |
| *** Joins: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) | 15:13 | |
| *** Joins: paulr (~IceChat09@2001:470:9310:aaaa:f85e:23bd:c4a2:d0be) | 15:22 | |
| *** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 255 seconds) | 16:07 | |
| *** Joins: micahg (~micah@ubuntu/member/micahg) | 17:07 | |
| *** Quits: paulr (~IceChat09@2001:470:9310:aaaa:f85e:23bd:c4a2:d0be) (Quit: Few women admit their age. Few men act theirs.) | 17:43 | |
| *** Quits: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) (Quit: Ex-Chat) | 17:48 | |
| *** Quits: moto-moi (~hylke@cara.xs4all.nl) (Ping timeout: 250 seconds) | 18:22 | |
| *** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 20:00 | |
| *** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 20:00 | |
| *** Quits: micahg (~micah@ubuntu/member/micahg) (Ping timeout: 265 seconds) | 20:16 | |
| *** Joins: daryn (~daryn@h71.4.170.216.ip.windstream.net) | 21:09 | |
| *** Parts: daryn (~daryn@h71.4.170.216.ip.windstream.net) | 22:03 | |
| *** Joins: daryn (~daryn@h71.4.170.216.ip.windstream.net) | 22:19 | |
| *** Parts: daryn (~daryn@h71.4.170.216.ip.windstream.net) | 23:21 | |
| *** Joins: micahg (~micah@ubuntu/member/micahg) | 23:24 | |
Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!