APNIC Internet Registrar Whois Password Hashes Leak

The APNIC registrar, responsible for distributing IP addresses in the Asia-Pacific region, has reported an incident in which an SQL dump of the Whois service, including confidential data and passwords, was made publicly accessible. Notably, this is not the first leak of personal data at APNIC: in 2017 the Whois database had already been made publicly accessible, also because of staff oversight.

While rolling out support for the RDAP protocol, designed to replace the WHOIS protocol, APNIC staff placed an SQL dump of the database used by the Whois service in Google cloud storage but did not restrict access to it. Because of the configuration error, the SQL dump was publicly accessible for three months, and this came to light only on June 4, when an independent security researcher noticed it and notified the registrar of the problem.

The SQL dump contains "auth" attributes holding the passwords for changing Maintainer and Incident Response Team (IRT) objects, as well as other sensitive customer information that is not shown in Whois during normal queries (usually additional contact information and notes about the user). If the passwords are recovered, attackers would be able to change the contents of the fields holding the parameters of the owners of IP address blocks in Whois. The Maintainer object identifies the person responsible for changing a group of records linked through the "mnt-by" attribute, and the IRT object contains contact information for the administrators who respond to problem notifications. No information is given about the hashing algorithm used, but in 2017 the outdated MD5 and CRYPT-PW algorithms (8-character passwords with hashes based on the UNIX crypt function) were used for hashing.
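For an operator reviewing their own registry objects, the following added example (not from the original article or from APNIC) finds Maintainer and IRT objects whose "auth" attribute still uses one of the outdated schemes named above, and lists the records that depend on them through "mnt-by". It assumes the usual RPSL text layout with the scheme tokens `CRYPT-PW` and `MD5-PW`; the object names and hash values in the sample are constructed placeholders.

```python
import re

WEAK_SCHEMES = {"CRYPT-PW", "MD5-PW"}  # the outdated schemes the article mentions

# Constructed sample objects in RPSL text form; names and hashes are placeholders.
SAMPLE = """\
mntner:  MAINT-EXAMPLE-A
auth:    CRYPT-PW PLACEHOLDERHASH
auth:    PGPKEY-00000000

irt:     IRT-EXAMPLE
auth:    MD5-PW $1$PLACEHOLDER$PLACEHOLDER
mnt-by:  MAINT-EXAMPLE-A

mntner:  MAINT-EXAMPLE-B
auth:    PGPKEY-11111111

inetnum: 192.0.2.0 - 192.0.2.255
mnt-by:  MAINT-EXAMPLE-A

inetnum: 198.51.100.0 - 198.51.100.255
mnt-by:  MAINT-EXAMPLE-B
"""

def parse_objects(text):
    """Return one list of (attribute, value) pairs per blank-line-separated object."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [l.split(":", 1) for l in block.splitlines() if ":" in l and l[0] not in "#%"]
        if pairs:
            objects.append([(k.strip().lower(), v.strip()) for k, v in pairs])
    return objects

def audit(text):
    """Return (weak mntner/irt -> outdated schemes, objects whose mnt-by names a weak one)."""
    objects = parse_objects(text)
    weak = {}
    for attrs in objects:
        cls, name = attrs[0]
        if cls in ("mntner", "irt"):
            # One weak auth line is enough: any listed auth method can authorise a change.
            used = {v.split()[0].upper() for k, v in attrs if k == "auth" and v}
            if used & WEAK_SCHEMES:
                weak[name.upper()] = sorted(used & WEAK_SCHEMES)
    exposed = []
    for attrs in objects:
        refs = {m.upper() for k, v in attrs if k == "mnt-by" for m in re.split(r"[,\s]+", v) if m}
        if refs & set(weak):
            exposed.append(attrs[0][1])
    return weak, exposed
```

Calling `audit(SAMPLE)` flags `MAINT-EXAMPLE-A` even though it also lists a PGP key, because the weak password entry remains a valid way to authorise changes.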

After identifying the incident, APNIC began resetting the passwords of objects in Whois. On APNIC's side, no signs of unauthorized actions have been found so far, but there is no guarantee that the data did not fall into the hands of attackers, since there are no complete logs of access to the files in Google Cloud. As after the previous incident, APNIC promised to conduct an audit and make changes to its technical processes to prevent similar leaks in the future.

Source: opennet.ru
