#1
beta testers
I have quickly developed a little blog/photolog application for my family and friends to keep in touch/share photos. It will be on the domain nicora.net when it's done, but it's just on my development server for now. I have somewhat tested it to this point, but really need some of you guys to go in and tear it apart, let me know of any bugs, glitches, errors or just simply bad development on my part. One thing that won't work until I get it on my domain is whenever you click a username, it errors out - that will work once I'm finished.
PLEASE refrain from cuss words/inappropriate language/photos!!!! My family will be BETA testing this as well.
http://meidevelopment.meierinc.com//nn/index.cfm
Thanks in advance!

#2
Moved from the Lounge.

#3
Nice effort! I have a similar project but you're a lot further into it. Anyway, things I noticed:

I selected six .jpg files or so, it created the log but said "Only JPEG allowed". Then I uploaded one renamed .jpeg. Didn't complain but didn't publish it. Then I went and added three .jpg again. Took it, but didn't show up on my "my photologs" screen, only when I went to the main area and found my upload. Then it appeared there again (maybe a cache issue - explicit no-cache?). I think you've done quite well.

Now the big test. I took a 3+MB mp3 file, named it .jpg (my own song, btw, a demo for a free softsynth I did in synthedit). It's taking it all, which makes me wonder what would have happened if I picked a 400MB .wav ...

Well .. it gave me this: Quote:

Last edited by medialint : August 20th, 2004 at 10:32 PM. Reason: remove my IP from the error msg :)

#4
perfect test medialint!
yep, looks like i need a fail safe for uploads, just a try catch should work fine for now. plus i will use a shorter timeout on the lock so if your upload takes longer than say... 10 minutes, it will fail and send an error back to the user.
Thanks!!

#5
I think you should cut off the size, if it exceeds, say, 250KB or whatever limit you wish to set.
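
Added example (not part of the thread, and not the application's own ColdFusion code): a Python illustration of the server-side checks posts #3 to #5 point toward, rejecting on file signature rather than extension and stopping the read once a size cap is crossed. The 250 KB cap is the figure from post #5; the function, exception and sample names are hypothetical.

```python
import io

MAX_UPLOAD_BYTES = 250 * 1024   # cap suggested in post #5; choose your own
JPEG_MAGIC = b"\xff\xd8\xff"    # JPEG streams start with SOI plus a marker prefix
CHUNK = 64 * 1024

class UploadRejected(Exception):
    """Carries a message that is safe to show to the uploader."""

def read_validated_jpeg(stream, max_bytes=MAX_UPLOAD_BYTES):
    """Read an upload from a binary file-like object (hypothetical helper).

    The file name and browser-supplied MIME type are ignored on purpose:
    both are chosen by the client and prove nothing about the content.
    """
    head = stream.read(len(JPEG_MAGIC))
    if head != JPEG_MAGIC:
        raise UploadRejected("Only JPEG images are allowed.")
    chunks, total = [head], len(head)
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        total += len(chunk)
        if total > max_bytes:
            # Abort at the cap instead of buffering a 400 MB body first.
            raise UploadRejected("File is larger than %d KB." % (max_bytes // 1024))
        chunks.append(chunk)
    return b"".join(chunks)

def check_upload(data):
    """Return 'accepted' or the rejection message for raw upload bytes."""
    try:
        read_validated_jpeg(io.BytesIO(data))
        return "accepted"
    except UploadRejected as exc:
        return str(exc)

# Constructed sample inputs (not files from the thread).
MP3_NAMED_JPG = b"ID3\x03\x00\x00" + b"\x00" * 2048
OVERSIZED_JPEG = JPEG_MAGIC + b"\xe0" + b"\x00" * (300 * 1024)
SMALL_JPEG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 512

if __name__ == "__main__":
    for name in ("MP3_NAMED_JPG", "OVERSIZED_JPEG", "SMALL_JPEG"):
        print(name, "->", check_upload(globals()[name]))
```

The signature check only shows that the data begins like a JPEG; decoding the image with a real image library is a stronger test, and a request-size limit at the web server stops oversized bodies before application code runs.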

#6
i still really need some beta testers. if you have the time, please sign up for an account, then post some blog entries and upload some photos to the photolog! Thx!!
http://64.185.116.132/nn/index.cfm

#7
ok, version 2 is ready... i could use a few more test subjects.

#8
just off the bat. don't let it tell where the directory is at. this can be used for further probing into systems (security issue since they now know the directory structure).

#9
big email sent regarding security risk (high risk cat)
if you need help on how to fix it let me know.

#10
--------------------------------------------------------------------------------
Error Occurred While Processing Request Error Diagnostic Information ODBC Error Code = 22001 (String data right truncation) [Microsoft][ODBC SQL Server Driver][SQL Server]String or binary data would be truncated. SQL = "INSERT INTO photologs (photologsID, memberID, title, logUpdate, shared) VALUES ('12B8EA4A-DB49-4536-9B3D-1095597189B8', '067591B9-0609-48AB-B85E-05ED7A03EBFD', 'testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing 
testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing 
testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing testing ', {ts '2004-08-28 13:02:52'}, '1')" Data Source = "NICORA_NET" The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (42:4) to (42:39) in the template file C:\INETPUB\WWWROOT\NN\\0.001\\PHOTOLOGS\\ACT_PHOTOLOGS_ADDPHOTOLOG.CFM. Date/Time: 08/28/04 13:02:52 Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; sbcydsl 3.12; YPC 3.0.0; SV1; .NET CLR 1.0.3705) Remote Address: 24.6.87.24 HTTP Referrer: http://meidevelopment.meierinc.com//nn/index.cfm?f=12010 -------------------------------------------------------------------------------- |

#11
this was for a VERY long file name for uploading. another high risk problem.

#12
maxlengths have been applied to all text fields and i'm going through INSERT and UPDATE statements to trim field values so there aren't any truncation errors.
This is a great test and I appreciate the time VERY MUCH! directory structure is showing up in errors now, but when launched there will be custom error handling.
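
Added example (not part of the thread, and not the application's ColdFusion code): a Python illustration of the three fixes discussed in posts #8 to #12 applied to the `photologs` INSERT from the error dump: length validation on the server, a parameterized query, and an error path that logs detail server-side while returning only a reference code. The 50-character title limit, the SQLite stand-in database and the function names are assumptions.

```python
import logging
import sqlite3
import uuid
from datetime import datetime, timezone

TITLE_MAX = 50  # assumed column width; the thread does not state the real one
log = logging.getLogger("photologs")

def open_db():
    """In-memory stand-in for the photologs table named in the error dump."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE photologs (photologsID TEXT PRIMARY KEY, memberID TEXT,"
               " title TEXT, logUpdate TEXT, shared INTEGER)")
    return db

def add_photolog(db, member_id, title, shared=True):
    """Return (ok, message); the message is always safe to show to the user."""
    title = title.strip()
    # Enforce the limit on the server: an HTML maxlength is only a browser hint.
    if not title or len(title) > TITLE_MAX:
        return False, "Title must be 1-%d characters." % TITLE_MAX
    try:
        # Values are bound as parameters, never pasted into the SQL string.
        db.execute(
            "INSERT INTO photologs (photologsID, memberID, title, logUpdate, shared)"
            " VALUES (?, ?, ?, ?, ?)",
            (str(uuid.uuid4()), member_id, title,
             datetime.now(timezone.utc).isoformat(), int(shared)))
        db.commit()
        return True, "Photolog created."
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        # SQL text, stack trace and file paths go to the server log only.
        log.exception("photolog insert failed, ref=%s", ref)
        return False, "Something went wrong (reference %s)." % ref

if __name__ == "__main__":
    conn = open_db()
    print(add_photolog(conn, "member-1", "testing " * 400))   # constructed input
    print(add_photolog(conn, "member-1", "Mom's 60th birthday"))
```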

#13
and I hope you got my VERY long email log I sent to you. lemme know if you didn't or did. thnx

#14
now am I allowed to do actual vulnerability testing on this script *cross site scripting, buffer overflows, sql injection, etc..*? and will we for our time get a copy of this for free?