Wednesday 25 February 2009

More IIS oddities

hmmmm.

Script connecting to Oracle database worked fine in MSIE but fails in Firefox and Chrome.

On further investigation we discovered that the problem was due to PHP failing to open the tnsnames.ora file (this tells Oracle clients where on the network and what protocol to use when connecting to the database given in ora_logon / oci_connect).

Let's be quite clear here:
- when the request originated from MSIE, IIS had permissions to open the file
- when the request originated from any other browser, IIS did not have permission to open the file

In both cases, the script executes as the same user on IIS. Using a user-agent switcher on Firefox had no impact.

There is an additional complication that the file in question sat on a network share, but that should have no bearing on how IIS behaves. However using a local copy of the file works as expected.

Micorosft IIS's security model is working differently depending on the browser used - this is potentially a security vulnerability in IIS.

Again, Microsoft IIS is giving different and preferential treatment to MSIE browsers

Tuesday 24 February 2009

OS war

At the weekend I was working on my home network. My daughter's new laptop arrived (a samsung R60, £300 @ dabs). This was my first prolonged experience with MS Vista.

I was first pleasantly surprised that it had rather sensibly split the disk into three partitions - one for diagnostics and TWO for Vista - a program drive and data drive! However Microsoft soon put a damper on my excitement - everything is so sssllllloooooowww. Just like previous versions of MS Windows, just about any change requires an immediate reboot - so just getting it working took about 3 hours and 6 reboots (Typically a Linux install from raw metal takes me 45 mins - although I only need to spend about 10 minutes at the computer and 1 reboot).

Then I got down to the business of configuring the software I really wanted. It came with a trial version of MS Office - Microsoft punished my insolence for removing the package by taking over an hour to uninstall it.

It also had SQL Server installed for some reason. That took just as long. And of curse Vista keeps asking me if I really do want to run xyz.exe at seemingly random intervals. How the hell should I know?

Still its just about done now.

Overall the laptop seems to be of good quality although the screen seems a bit washed out - not sure if thats just Vista's colour scheme though. When I've recovered from the pain of cleaning up the default install I'll add dual boot for something - probably PCLinuxOS 2008

Meanwhile, I rolled forward all the patches (only do the security ones on a regular basis) on my Fedora 9 desktop machine. This has taken away most of the rough edges in KDE 4.

Back at the office found a weird problem with PHP/Oracle/IIS - a script a colleague wrote to poll some data from Oracle works as planned if the browser is MSIE, but in Firefox it gives an ORA-12154 error (can't find database / tns names file). Very weird. Investigations continue.