On 03/06/15 18:02, Eric Mill wrote:

On Wed, Jun 3, 2015 at 11:46 AM, Rob Stradling <rob.stradl...@comodo.com> wrote:

        Even better if you were to open-source the code ;)

    That's a conversation I've yet to have with my employer.

Strongly agree. The impact of crt.sh will be bigger, and its momentum
will be higher for potential public contributions. And if we're talking
about infrastructure in the service of public good, the more open source
the better. Don't let concerns over code quality get in the way.

It's a conversation I intend to have with my employer.  :-)

        I notice that % is your wildcard character.  Hopefully this doesn't
        indicate a SQL injection risk!

    Also, the database used by https://crt.sh is a read-only slave, so
    even if you could inject something like "DROP TABLE certificate", it
    would fail to execute.

It's still probably worth verifying that people can't insert arbitrary
SQL commands, even if some of them that you've thought of are unlikely
to work in practice.

Sure. I verified that before I announced the site this morning. And I double-checked it after Richard's post. (But of course I only have one set of eyeballs... ;-) ).

-- Eric



        Sent from my iPhone.  Please excuse brevity.

            On Jun 3, 2015, at 10:01, Rob Stradling <rob.stradl...@comodo.com> wrote:

                On 03/06/15 14:43, Eric Mill wrote:
                This is outstanding - simple, but totally what people need to
                start getting the idea and benefit of CT.


            Thanks Eric.  :-)

                One high ROI addition might be RSS feeds for search terms.
                That way, I could create e.g. an IFTTT alert that emails me
                whenever a certificate is publicly logged as being issued for
                my domains.


            Indeed.  It's on the todo list.

                -- Eric

                On Wed, Jun 3, 2015 at 8:56 AM, Rob Stradling <rob.stradl...@comodo.com> wrote:

                     Hi.  I thought folks here might find this useful.  It's a
                     web interface that lets you search for certs that have
                     been logged by CT.

                https://crt.sh

                     Pronounced "search".  :-)


            --
            Rob Stradling
            Senior Research & Development Scientist
            COMODO - Creating Trust Online

            _______________________________________________
            dev-security-policy mailing list
            dev-security-policy@lists.mozilla.org
            https://lists.mozilla.org/listinfo/dev-security-policy



    --
    Rob Stradling
    Senior Research & Development Scientist
    COMODO - Creating Trust Online
    Office Tel: +44.(0)1274.730505
    Office Fax: +44.(0)1274.730909
    www.comodo.com

    COMODO CA Limited, Registered in England No. 04058690
    Registered Office:
       3rd Floor, 26 Office Village, Exchange Quay,
       Trafford Road, Salford, Manchester M5 3EQ

    This e-mail and any files transmitted with it are confidential and
    intended solely for the use of the individual or entity to whom they
    are addressed.  If you have received this email in error please
    notify the sender by replying to the e-mail containing this
    attachment. Replies to this email may be monitored by COMODO for
    operational or business reasons. Whilst every endeavour is taken to
    ensure that e-mails are free from viruses, no liability can be
    accepted and the recipient is requested to use their own virus
    checking software.




--
konklone.com <https://konklone.com> | @konklone <https://twitter.com/konklone>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ
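
A self-check along the lines discussed in this message, as an added example (not crt.sh's code and not written by anyone in the thread). SQLite stands in for the read-only database; the `certificate` columns, the sample rows and the function names are assumptions. It shows that a bound parameter keeps `%` working as the wildcard while treating quotes as data, and that read-only status blocks `DROP TABLE` but does not protect a query built by string concatenation.

```python
import sqlite3

# Constructed sample rows. "certificate" is the table name quoted in the thread;
# the columns are hypothetical.
ROWS = [(1, "www.example.com"), (2, "mail.example.com"), (3, "internal.example.net")]

def open_readonly_db():
    """Create the sample table, then switch the connection to read-only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE certificate (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO certificate VALUES (?, ?)", ROWS)
    db.commit()
    db.execute("PRAGMA query_only = ON")  # stand-in for a read-only replica
    return db

def search_unsafe(db, term):
    """Vulnerable pattern: the search term is spliced into the SQL text."""
    sql = "SELECT name FROM certificate WHERE name LIKE '" + term + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    """Bound parameter: % is still the LIKE wildcard, quotes are plain data."""
    sql = "SELECT name FROM certificate WHERE name LIKE ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (term,))]

def drop_is_blocked(db):
    """True if the read-only connection refuses DROP TABLE."""
    try:
        db.execute("DROP TABLE certificate")
    except sqlite3.OperationalError:
        return True
    return False

def verify():
    """Run the checks an operator would want to pass before going live."""
    db = open_readonly_db()
    probe = "nomatch' OR '1'='1"  # constructed input containing a quote
    return {
        "wildcard": search_safe(db, "%.example.com"),
        "probe_safe": search_safe(db, probe),
        "probe_unsafe": search_unsafe(db, probe),
        "drop_blocked": drop_is_blocked(db),
    }

if __name__ == "__main__":
    for check, result in verify().items():
        print(check, "->", result)
```

The check that matters for the search box is `probe_safe` coming back empty; `probe_unsafe` returning every row is what a read-only database alone does not prevent.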
