DevDisasters

Take It to the Limit

Adam's employer was able to reclaim the company URL from a cyber squatter. Now it should be easy to make sure its site resolves to the new name, right?

Hardly anyone noticed when the e-mail landed in everyone's inboxes from marketing group. There was a lot of fanfare accompanying the message body, but for a small company like Bantam Software Corp. (not the real company's name), being able to use bantamsoft.com instead of mybantamsoft.com was a pretty big deal. Rumor had it that someone had squatted the domain name several years ago and had been holding it "hostage" for some incredulous sum ever since.

Not long after the URL announcement, the CEO sent an e-mail of much greater importance -- Bantam had just picked up a new client, effectively doubling Bantam's annual revenue.

At least everybody now knew how Bantam was able to purchase the domain name.

After receiving the official "all clear" to proceed, Adam logged into the Bantam Software Web hosting services provider and thought about how he could best transfer over its external Web site to the new domain (e-mail would be handled by a different group, thank goodness).

After some contemplation, he decided to go with what he felt was a fairly safe and low-risk approach that could be accomplished in a couple of hours: He decided to copy the existing site's code to a new directory that the new domain would point to. When it was time to officially use the new domain name, he could redirect the old URL to the new one.

Now it wasn't that he doubted his abilities. Instead, he didn't trust the hosting provider who, often regrettably, only fit into the monetary portion of the "fast, cheap, good -- pick two" adage.

Entering the base URL worked fine. The company's landing page loaded in an expected amount of time and all the images and expected scripts loaded, but any attempts to view anything beyond the main page resulted in an error: "HTTP 500 - CANNOT LOAD, NUMBER FIELD NOT FOUND."

Adam knee-jerked and reached out to the host's support site. But mid-way through drafting a ticket Adam thought it might be wise to dig into the code a little bit first. After all, with the new URL not being live yet, he had the luxury of at least a little time.

Having found the code that dutifully parses out parameters passed via the URL, he noticed something peculiar: The logic parsed out URL parameters based on the length of the URL passed:

protected void Page_Load(object sender, EventArgs e)
{
  if (!IsPostBack)
  {           
    // ...
    string strUrl = HttpContext.Current.Request.Url.AbsoluteUri;
    string strNumber = "";

    if (strUrl.Contains("?") == true)
    {
      strNumber = strUrl.Substring(25, strUrl.Length - 25);         
    }

    // ...
}

"Oh, so that's why the external sites can only have a single URL," he wondered aloud. The changing of the URL to drop the "my" had shortened each URL's length and resulted in broken logic. Whoops!

Adam made a mental note to change this section of code to use something more sane like Request.QueryString["number"]; but to continue with his testing in the near term, he changed the substring length value to 23 and did some more poking. Hooray! The URLs off the main page worked again.

Adam returned to the draft of the ticket that he had started on the hosting company's support page and deleted the subject line. He had found and fixed one thing ... and he still had a lot of testing to do.

About the Author

Mark Bowytz is a contributor to The Daily WTF. He has more than a decade of IT experience and is currently an analyst for PPG Industries.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube