  • some guy (unregistered)

    session.getAttribute("frist")

    Also, the entire ordeal left Sophia/Sofia confused about how to spell her name!

  • (nodebb)

    Bonus: 192.168.1 prefix also matches all IP addresses in ranges 192.168.10-192.168.19 and 192.168.100-192.168.199

  • (nodebb) in reply to Kamil Podlesak

    Which is definitely not how subnets work.

  • Rob (unregistered)

    Even if it worked for IPv4, their subnet checking fails horribly for IPv6. I guess they didn't hear about that.

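    The two comments above describe the same defect: a dotted IP string compared with `startsWith` is a text check, not a subnet check, so a prefix like `192.168.1` also accepts `192.168.10.x` and `192.168.100.x`, and IPv6 text forms (zero compression, leading zeros) make it fail in both directions. The following added example is not from the article or any commenter; it is written in Python rather than the JSP the article discusses, and all addresses and prefixes in it are constructed sample values. It puts the naive string-prefix test beside a real network-membership test using the standard `ipaddress` module.

```python
import ipaddress


def naive_prefix_match(ip: str, prefix: str) -> bool:
    """The check the commenters describe: a plain string prefix test on the
    dotted/colon text form. This is the flawed behaviour, kept for comparison."""
    return ip.startswith(prefix)


def subnet_match(ip: str, network: str) -> bool:
    """Proper membership test: parse both sides and ask whether the address
    lies in the network. Works for IPv4 and IPv6 and for any prefix length.
    Malformed input (e.g. an octet above 255) is treated as 'not a match'
    instead of raising, since a session check should fail closed."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)
    except ValueError:
        return False


# Constructed samples: (client address, string prefix used by the naive check,
# CIDR network used by the correct check).
SAMPLES = [
    ("192.168.1.5", "192.168.1", "192.168.1.0/24"),      # genuinely inside
    ("192.168.10.5", "192.168.1", "192.168.1.0/24"),     # false positive for startswith
    ("192.168.100.7", "192.168.1", "192.168.1.0/24"),    # false positive for startswith
    ("192.168.2.5", "192.168.1", "192.168.1.0/24"),      # both reject
    ("2001:db8:0:10::5", "2001:db8:0:1", "2001:db8:0:1::/64"),  # IPv6 false positive
    ("2001:0db8:0000:0000:0000:0000:0000:0001", "2001:db8", "2001:db8::/32"),  # IPv6 false negative
    ("865.985.0.1", "865.985", "192.168.1.0/24"),        # not an address at all
]


def compare_samples():
    """Return {address: (naive_result, subnet_result)} for every sample, so the
    disagreements between the two checks are visible side by side."""
    return {
        ip: (naive_prefix_match(ip, prefix), subnet_match(ip, network))
        for ip, prefix, network in SAMPLES
    }


if __name__ == "__main__":
    for ip, (naive, proper) in compare_samples().items():
        flag = "" if naive == proper else "   <-- checks disagree"
        print(f"{ip:42} startswith={naive!s:5} in_subnet={proper!s:5}{flag}")
```

    Note that the common quick fix of appending a trailing dot to the prefix (`"192.168.1."`) repairs only the IPv4 false positives; the IPv6 rows still disagree because the same address can be written in several textual forms, which is why the comparison has to happen on parsed addresses.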
  • (nodebb)

    Tim is more of an Auskranker. Someone who just makes devs (& businesses) sick.

  • (nodebb) in reply to Kamil Podlesak

    In fact, this code (according to the article) doesn't do anything because the session variable isn't set, so it allows IP addresses in ranges 172.43.0-172.43.255, 865.985.0-865.985.999, etc.

  • Duston (unregistered)

    And then the tech overlords put in a proxy server so that every request has the same IP.

  • (nodebb) in reply to Duston

    Since this is JSP which is likely running on Tomcat, a Java flavored Apache httpd, there is a small chance that they could enable the option to use the proxy IP header as the remote addr, which allows access and error logs to show the real address instead of the proxy's. I wouldn't put any money on that though.

  • Bill T (unregistered)

    Kudos to Sophia for being a mentee smart enough to see the errors!

  • xtal256 (unregistered)

    "getRemoteAddr returns an IP address, while getRemoteHost returns a "dotted-string form of the IP address" according to the docs..." To me that suggests that getRemoteAddr returns it as an integer or object, whereas getRemoteHost returns the formatted string. Also, why do people consistently mis-use three letter acronyms like "ATM machine" but when it comes to "IP address" they do the opposite and omit the "address" part? It's not an "IP", it's an "IP address".

    Also also, the article seems to have missed the real WTF, which is that they log an error if the IP addresses don't match but then log another error later saying "oh it's ok ignore the above error"! Just log the "session.invalidated" error inside the "!ip.startsWith(tempIp)" block.

  • (nodebb)

    Oh joy, it doesn't handle what happens when someone picks up a laptop and moves from their coffee shop to their office.

  • Max Müller (unregistered)

    Another benefit of the (2.5-3 years long) Ausbildung is that you get paid. A Fachinformatiker (likely the job in question) starts at around 980€ (before taxes) + a very decent health insurance + at least 24 days paid leave and around 10 days of paid holidays (and sick leave is not included in the holidays).


Leave a comment on “Secure Mentorship”
