Implicitly allow requests in IIS from valid hostname

I have a few publicly accessible IIS servers and sites (personal and corporate), these hosts have own domains/subdomains, and all legit access to these https sites happen through domains.

Almost all HTTP app vulnerability scans from bots/rooted servers happen to the servers through IP, without valid hostname, and if there is hostname it is the default reverse DNS host, not the actual domain of the site.

Is there a way in IIS to implicitly only allow requests with proper hostname? The site root app only has bindings to the hostname, but IIS still accepts requests, and responds with 404. The best thing would be to timeout the request similar fashion as if the site doesn’t have HTTP open.

I of course understand that this does not guarantee anything in security wise, the scanner can still figure out the proper hostname in many ways, but it would still filter out 90% of dummy scans.

IPS in firewall can probably do some things, but in some cases I do not have that luxury. Is there way in IIS? Redirect the http request to oblivion? (this would probably just change the error to proxy gateway http errors?)

Implicitly cast an ISO8601 string to TIMESTAMPTZ (postgresql) for Debezium

I am using a 3rd party application (Debezium Connector). It has to write date time strings in ISO-8601 format into a TIMESTAMPTZ column. Unfortunately this fails, because there is no implicit cast from varchar to timestamp tz.

I did notice that the following works:

SELECT TIMESTAMPTZ('2021-01-05T05:17:46Z'); SELECT TIMESTAMPTZ('2021-01-05T05:17:46.123Z'); 

I tried the following:

  1. Create a function and a cast
CREATE OR REPLACE FUNCTION varchar_to_timestamptz(val VARCHAR)  RETURNS timestamptz AS $  $       SELECT TIMESTAMPTZ(val) INTO tstz; $  $   LANGUAGE SQL; CREATE CAST (varchar as timestamptz) WITH FUNCTION varchar_to_timestamptz (varchar) AS IMPLICIT; 

Unfortunately, it gives the following errors:

function timestamptz(character varying) does not exist

  1. I also tried the same as above but using plpgsql and got the same error.

  2. I tried writing a manual parse, but had issues with the optional microsecond segment which gave me the following

CREATE OR REPLACE FUNCTION varchar_to_timestamptz (val varchar) RETURNS timestamptz AS $  $        SELECT CASE          WHEN $  1 LIKE '%.%'              THEN to_timestamp($  1, 'YYYY-MM-DD"T"HH24:MI:SS.USZ')::timestamp without time zone at time zone 'Etc/UTC'          ELSE to_timestamp($  1, 'YYYY-MM-DD"T"HH24:MI:SSZ')::timestamp without time zone at time zone 'Etc/UTC' END $  $   LANGUAGE SQL; 

Which worked, but didn’t feel correct.

Is there a better way to approach this implicit cast?

Implicitly overwrite file content

I’m currently programming a tool for downloading stuff from the internet. For the user it is possible to specify a download folder where all downloaded files are stored.

Assume that the program realize that it should save the download to a file that already exists – how should it react.

Intuitively I would say that the program should come up with some kind of dialog asking the user whether it should replace the existing file, save the download to another file or …

However, due to the automatic execution it is NOT possible to ask the user what should be done (replace, use other file, log error, …).

So what should be done in such a case?

Greetings, quant

Safe to consider webapp user’s email as implicitly confirmed after a password reset?

In my system, a new user must confirm his email.

But there is an edge case:

  • he registers
  • does not confirm
  • forgets password, performs password reset (which involves a mail loop)

At that point I know his email works – so I’m inclined to reset his password, and then simply mark his email as “confirmed”.

Are there any risks I’ve not considered?

How to pass around global or local state implicitly

In my situation I have functions, some of which will use global state, some of which will use local state like the function scope or parent scope, others which use both.

So for example you might have stuff like this:

var MY_GLOBAL = 10 var GLOBAL_STATE = {}  function myfunction1(a) {   return a + myfunction2(a) }  function myfunction2(a) {   return a * MY_GLOBAL + this.parent.arguments[0] }  function myfunction3(k, v) {   return GLOBAL_STATE[k] = v } 

Say I have a 100 functions which all act on the global state. One thing I can do is pass it to every function:

function afunction(state, ...rest) { ... } 

But I’m not sure I want to do this as it would require removing the simplicity and clarity of the functions. I like the idea of having special global variables which you reference in the code. However, I don’t want to just be referencing random global variables.

So one solution I am sort of imagining is having the function definition include the global variable, only if it directly uses it. Then somehow it gets injected in or something. Then any subfunctions that use the global variable, they also get it injected in rather than passed down.

Basically the end goal is I think to not pollute all the functions with these at least 2 variables (global state, and local scope), yet still be able to use them in any function. Wondering what sorts of solutions exist for this. I tried to check out Haskell’s State Monad, but not being a Haskell programmer I don’t see how it works.

Thinking in terms of functional programming with mutable state, not OO programming. Basically like JavaScript.

Can I prove my legal age *implicitly* so that I can drink in the UK?

I hold Swede passport and I am traveling to UK this month. I’ve read (http://news.bbc.co.uk/2/hi/uk_news/6598867.stm) that legal age of drinking alcohol in UK is 16 to 18 depending on the type of beverage.

I am an undergraduate student and look about 18. Can I use my my university card (Swede uni) in place of my passport in bar entries. Since a typical university student is 18 or above so can my university card be as a proof of age, implicitly though?