Taras,

On Sun, Apr 8, 2012 at 3:54 PM, Taras <ox...@oxdef.info> wrote:
> Andres,
>
> I have just made some improvements in the HistoryItem class [0]:
>
> * moved the whole DB initialization from the gtkOutput plugin to HistoryItem
> because it's bad when a core thing depends on one plugin's method

    That looks nice,

> * moved the sessions dir to w3af's tmp dir (currently /tmp/w3af/PID/). This
> change makes it possible to clean up these unnecessary files after w3af
> finishes its work.

    I'm not 100% sure about this change, let me explain why:

* I see the great benefit in having this in the /tmp/ directory (your
disk shouldn't fill because each time you reboot all the "w3af garbage"
disappears)
* I also see that in a multi-user environment user A running a w3af
scan would be exposing to all the other users which targets he's
scanning
* /tmp/ directory usually has a disk partition quota, which might be
filled very quickly

    If we solve the last two points (not sure how), there wouldn't be
any issues with doing this.

> If you don't mind I will commit it to the trunk: fresh history.py and
> gtkOutput.py
>
> By the way do we need gtkOutput plugin now? Currently only Queue
> functionality is in it.

    Could you please refresh my mind regarding the self.queue
attribute? Where/When is it used?

> [0] https://sourceforge.net/apps/trac/w3af/changeset/4850
>
> --
> Taras
> http://oxdef.info
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
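
Added example (not part of the original message and not w3af code): one way to keep a session directory under the temp dir without exposing scan targets to other local users, using an unpredictable, owner-only directory instead of a PID-named one, plus a free-space check at start-up for the quota concern. The function names and the `base` and `min_free_bytes` parameters are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def create_private_session_dir(base=None, min_free_bytes=50 * 1024 * 1024):
    """Create a scan session directory only the current user can read.

    base and min_free_bytes are hypothetical parameters for this example.
    """
    base = base or tempfile.gettempdir()
    # Quota concern: refuse to start if the partition is already nearly full.
    free = shutil.disk_usage(base).free
    if free < min_free_bytes:
        raise OSError("only %d bytes free in %s" % (free, base))
    # mkdtemp creates the directory atomically with mode 0700 and a random
    # suffix, so the name is not predictable the way /tmp/w3af/PID/ is.
    path = tempfile.mkdtemp(prefix="w3af-", dir=base)
    check_private(path)
    return path


def check_private(path):
    """Raise if path is a symlink, not ours, or accessible to group/other."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted by another user
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError("%s is not a real directory" % path)
    if st.st_uid != os.geteuid():
        raise PermissionError("%s is owned by uid %d" % (path, st.st_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is accessible to other users" % path)


def cleanup_session_dir(path):
    """Remove the session files once the scan has finished."""
    check_private(path)
    shutil.rmtree(path)
```
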
