Take It to the Limit

Adam's employer was able to reclaim the company URL from a cyber squatter. Now it should be easy to make sure its site resolves to the new name, right?

Hardly anyone noticed when the e-mail landed in everyone's inboxes from marketing group. There was a lot of fanfare accompanying the message body, but for a small company like Bantam Software Corp. (not the real company's name), being able to use instead of was a pretty big deal. Rumor had it that someone had squatted the domain name several years ago and had been holding it "hostage" for some incredulous sum ever since.

Not long after the URL announcement, the CEO sent an e-mail of much greater importance -- Bantam had just picked up a new client, effectively doubling Bantam's annual revenue.

At least everybody now knew how Bantam was able to purchase the domain name.

After receiving the official "all clear" to proceed, Adam logged into the Bantam Software Web hosting services provider and thought about how he could best transfer over its external Web site to the new domain (e-mail would be handled by a different group, thank goodness).

After some contemplation, he decided to go with what he felt was a fairly safe and low-risk approach that could be accomplished in a couple of hours: He decided to copy the existing site's code to a new directory that the new domain would point to. When it was time to officially use the new domain name, he could redirect the old URL to the new one.

Now it wasn't that he doubted his abilities. Instead, he didn't trust the hosting provider who, often regrettably, only fit into the monetary portion of the "fast, cheap, good -- pick two" adage.

Entering the base URL worked fine. The company's landing page loaded in an expected amount of time and all the images and expected scripts loaded, but any attempts to view anything beyond the main page resulted in an error: "HTTP 500 - CANNOT LOAD, NUMBER FIELD NOT FOUND."

Adam knee-jerked and reached out to the host's support site. But mid-way through drafting a ticket Adam thought it might be wise to dig into the code a little bit first. After all, with the new URL not being live yet, he had the luxury of at least a little time.

Having found the code that dutifully parses out parameters passed via the URL, he noticed something peculiar: The logic parsed out URL parameters based on the length of the URL passed:

protected void Page_Load(object sender, EventArgs e)
  if (!IsPostBack)
    // ...
    string strUrl = HttpContext.Current.Request.Url.AbsoluteUri;
    string strNumber = "";

    if (strUrl.Contains("?") == true)
      strNumber = strUrl.Substring(25, strUrl.Length - 25);         

    // ...

"Oh, so that's why the external sites can only have a single URL," he wondered aloud. The changing of the URL to drop the "my" had shortened each URL's length and resulted in broken logic. Whoops!

Adam made a mental note to change this section of code to use something more sane like Request.QueryString["number"]; but to continue with his testing in the near term, he changed the substring length value to 23 and did some more poking. Hooray! The URLs off the main page worked again.

Adam returned to the draft of the ticket that he had started on the hosting company's support page and deleted the subject line. He had found and fixed one thing ... and he still had a lot of testing to do.

About the Author

Mark Bowytz is a contributor to The Daily WTF. He has more than a decade of IT experience and is currently an analyst for PPG Industries.

comments powered by Disqus


  • Microsoft Extends Low-Code Push with Power Fx Programming Language

    "Using formulas that are already familiar to hundreds of millions of users, Power Fx allows a broad range of people to bring skills they already know to low code solutions."

  • Microsoft's Tools to Fight Solorigate Attack Are Now Open Source

    Microsoft open sourced homegrown tools it used to check its systems for code related to the recent massive breach of supply chains that the company has named Solorigate.

  • Microsoft's Lander on Blazor Desktop: 'I Don't See a Grand Unified App Model in the Future'

    For all of the talk of unifying the disparate ecosystem of Microsoft-centric developer tooling -- using one framework for apps of all types on all platforms -- Blazor Desktop is not the answer. There isn't one.

  • Firm Automates Legacy Web Forms-to-ASP.NET Core Conversions

    Migration technology uses the Angular web framework and Progress Kendo UI user interface elements to convert ASP.NET Web Forms client code to HTML and CSS, with application business logic converted automatically to ASP.NET Core.

Upcoming Events