Open-AudIT
https://www.open-audit.org/phpBB3/

Database does not reject entries where system_uuid=''
https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3832
Page 1 of 1

Author:  jonbendtsen [ Fri Oct 22, 2010 12:58 am ]
Post subject:  Database does not reject entries where system_uuid=''

Hi

Why does the database not reject entries where system_uuid='' aka it is empty? While the database disallows NULL, it does not catch '' because '' is not NULL.

Source of problems? My first few open mac audit script attempts did not always get an UUID from the system. So when it sends the results to my openaudit server, I do sometimes get strange entries, and I have this offsite mac which the user can not update himself :roll: so I cant get it fixed yet.

This bug might also be hit by others who try to develop their own audit client for openaudit. In the future I need a better linux one, but it is not yet a priority for me. But for mobile phones? I can easily see that one day we need OpenAudit for mobile phones.

Author:  jpa [ Fri Oct 22, 2010 3:00 am ]
Post subject:  Re: Database does not reject entries where system_uuid=''

The original audit.vbs script bends over backwards to get a valid UUID. The server side should probably reject blank UUIDs but it's never really been a problem. I think the onus should be on the audit script. What's the point of doing a massive audit and then sending all the data to the server with one glaring error that the auditor should catch.

Given that it should be pretty easy to test for a blank UUID and die or exit in admin_pc_add_2.php.

Author:  jonbendtsen [ Tue Oct 26, 2010 11:30 pm ]
Post subject:  Re: Database does not reject entries where system_uuid=''

jpa wrote:
The original audit.vbs script bends over backwards to get a valid UUID. The server side should probably reject blank UUIDs but it's never really been a problem. I think the onus should be on the audit script. What's the point of doing a massive audit and then sending all the data to the server with one glaring error that the auditor should catch.

Given that it should be pretty easy to test for a blank UUID and die or exit in admin_pc_add_2.php.

yeah I know, and this is probably going to be my solution.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/