*HCS* ContactDB: review, modify, add
zeilberg at hcs.harvard.edu
Fri May 19 04:43:14 EDT 2000
On Thu, 18 May 2000, dmolnar wrote:
> login names? I find it a little confusing
> that all I'm asked for is my password -- is this a design decision?
There shouldn't be more than two users (administrator and normal) so we
didn't think there was a need for login names. I added a selector to
choose between the two, so that may help (and get rid of the
> I get "error in SQL syntax"
As Scott noticed, this was a problem with quotes being passed unescaped to
mysql. I was disappointed that this could not be exploited to get root
by creating a description like:
I am going to h4x0r hcs!!'); update admin_table set
apparently the mysql_query function only allows you to pass a single
command. Too bad. That would've been useful.
> Ability to send to everyone on the list?
> Eventually - not now - the ability for people to state times they
> prefer to be contacted (e.g. "don't call after 9:00").
> Eventually - not now - The ability to share contact lists with others,
> merge lists into a temporary account.
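Added example, not part of the original message or the ContactDB code: the "error in SQL syntax" failure and the one-command-per-call behaviour discussed above, next to the bound-parameter form that stores the same text unchanged. It assumes SQLite in place of MySQL (Python's sqlite3 execute() likewise accepts a single statement per call); the table name, helper names and sample inputs are constructed for illustration. The single-statement limit only stops a second statement, so binding parameters is still the fix.

```python
import sqlite3

# Assumptions (not from the original message): the "contacts" table, the
# helper names, and SQLite standing in for MySQL. Inputs are constructed.

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, description TEXT)")
    return db

def insert_concatenated(db, name, description):
    """Builds the statement by pasting user text between quotes (the bug)."""
    sql = ("INSERT INTO contacts (name, description) "
           "VALUES ('%s', '%s')" % (name, description))
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.OperationalError:
        # An apostrophe in the input ends the string literal early.
        return "syntax error"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # execute() accepts one statement per call; which exception class
        # is raised depends on the Python version.
        return "multiple statements rejected"

def insert_bound(db, name, description):
    """Passes user text as bound parameters; it is never parsed as SQL."""
    db.execute("INSERT INTO contacts (name, description) VALUES (?, ?)",
               (name, description))
    return "ok"

def descriptions(db):
    rows = db.execute("SELECT description FROM contacts ORDER BY rowid")
    return [row[0] for row in rows]

APOSTROPHE = "don't call after 9:00"   # constructed: ordinary text with a quote
STACKED = "note'); SELECT 1; --"       # constructed: closes the literal, adds a statement

if __name__ == "__main__":
    db = make_db()
    for text in (APOSTROPHE, STACKED):
        print(repr(text), "->", insert_concatenated(db, "user", text))
    for text in (APOSTROPHE, STACKED):
        insert_bound(db, "user", text)
    print(descriptions(db))
```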