Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Kristen
Test
22859 Posts |
 Posted - 2007-08-29 : 14:58:05
|
| We have some Developer Backdoor Stuff in our apps. Just wondered if other folk have any suggestions?(We make a web application)If logged on user is recognised as "Developer" then:Toolbar added to the top of the page. Provides access to "Edit page", "Edit CSS" and so on (general page manipulation type stuff)Bottom of the page has:Status. Version of the software, status of the page (Dev, Ready-for-testing, Bug-found, Accepted), Name of Server/Database connected to (useful if LIVE site accidentally connected to TEST db!!)Feedback. List of the Feedback that anyone has left on the page (this is threaded, like a forum, with the ability to REPLY to a particular issue, plus Developer can change the status from "Open" to "Test" and author from "Test" to "Closed"). Also a link to "add new feedback" (so Client testers can put a comment in and, HOPEFULLY!, other folk wanting to report the same issue will see it has already been raised!)(Then we have a report for Open Feedback; Feedback Assigned to specific person [e.g. "Me" = current-todo-list]; a list of pages still at Test status - i.e. a list of pages yet-to-be-approved by the Client)Actions. This provides a list of things the application has done. For us this is mostly the EXEC syntax for the SQL calls, so we can re-try then, manually, in Query Analyser etc. Repair/refactor/improve them, "unit-test", and re-run the page. Also a Log of everything [that the App has been programmed to log!] which has happened on that pageThere are probably a few other odds & sods but those are the main ones that spring to mind.Thanks,Kristen |
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-08-29 : 15:12:08
|
| looks like you've got it covered pretty well...we also have something like this plus we have timers in pages so we can measure particular page part load time._______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenp |
 |
|
|
Kristen
Test
22859 Posts |
Posted - 2007-08-29 : 15:14:33
|
| Thanks.We have the elapsed timer thing - we have a dummy-image on the rendered page that "calls home" - so we get Start time (@ server), time server finished, and then "time user's browser finished rendering and called home". We can extract that from our logs - e.g. which pages never called home, average time to build and average time (thereafter) to render - by browser-type if we so wish.Kristen |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-08-29 : 15:16:17
|
| interesting.how do you do the call home part exactly?_______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenp |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-08-29 : 15:32:28
|
<IMG SRC="ImageThingie.ASP?MagicID=1234" height=0 width=0>ImageThingie.ASP has a response mime type of JPG or whatever, uses the Query params to do whatever is necessary (in this case record the server-time against the magicID record, representing the "time to render")We also use this in Bulk Mail to record who read it (assuming they have an open Internet connection AND have allowed images in Outlook etc), and how often. But an IMG tag with a .ASP etc. filename (or even parameters for that matte - if you decide to "fake" an ASP file via a .JPG filename  ) - indeed, even unique filename JPGs can do that - increases the Spam Counter for things like SpamAssasin.Ditto with any "link" that they click on in the EMail - they are all routed to GO.ASP?ID=1234, and the "1234" bit tells us a_Who, b) WHICH link, and C) The real URL to redirect the user to.Kristen |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-08-29 : 15:33:52
|
| (We also have a JavaScript Error catch-routine which calls home - with the details of the JavaScript error, and the ID of the Log for the page-render - so we can tie it to session and what the user was doing at the time) |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-08-29 : 15:35:10
|
very nice! i just might steal that  _______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenp |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-08-30 : 04:34:32
|
| I can send you the ASP code if you like (faking being a JPG is a bit of a pain if you haven't done it before)Kristen |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-08-30 : 04:42:27
|
| yes yes!! _______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenp |
|
|
|
|
|
|
|
|
Developer Backdoor Stuff