Bug Tracker Blog by Corey Trager

Hosting BugTracker.NET at GoDaddy.com

by Corey Trager 29. February 2008 04:27


The most recent release of BugTracker.NET finally includes features that make it a practical choice to use as a publicly accessible issue tracker.   The most recent round of changes include:

  • Allowing users to register themselves
  • "Forgot your password?"
  • Enforcement of strong passwords
  • Ability to browse issues, and even report issues, without registering as a user.

So, after 5 years with no online demo, there finally is a demo of Bug at http://ifdefined.com/btnet.  I have some worries about this public demo.  Since BugTracker.NET is so configurable, I worry that people will make snap judgements that the demo installation represents all that BugTracker.NET can do.   They won't realize that the demo installation is just one possible configuration.   If my hosting account at GoDaddy allowed me to have multiple databases I would set up another demo, intentionally different from the first, just to give folks a sense of the range of configuration and customization options.

A second worry is that I have made some sort of mistake in my coding related to security, a mistake that will allow the bad guys to do ifdefined.com some harm.    I try my very best to write secure code, but I have made mistakes over the years.   I am worried about spammers and bots flooding my database with garbage, but so far, in the week or so the demo has been live, that hasn't happened.  I have my demo configured to email me whenever my code throws an exception.   There was a brief period where I got dozens of emails as a result of somebody probing my app for SQL injection vulnerabilities. That's a mistake I have made in the past, but as far as I know, I don't have any holes today.   And as far as I know, the attacker wasn't successful.

I did have to make some code changes to BugTracker.NET for the GoDaddy hosting environment.   Here they are:

  • "Unable to validate data".  In Web.config, I now set "enableViewStateMac" to false to make the app more compatible with being hosted on a web farm that doesn't support server affinity.   By default, ASP.NET will try to determine if the Viewstate variable has been tampered with.   The mechanism for doing so uses a key that is specific to the machine, so if the page is served up by one of the machines on the farm but the response goes to another, then the Viewstate variable will appear to have been tampered with.   Another solution would be to hardcode the key into the Web.config, forcing the same key on each machine.   I just chose the quicker fix.    I didn't research how to generate a key.
  • "Object reference not set to an instance of an object".  My logic was failing when a request variable was missing from the request.   It never happens to me using IE6 and Firefox, so I suspected the problem was happening when robots/crawlers were accessing my pages.   In order to pin that down, I enchanced the error handling (see next item).   Meanwhile, I fixed the code to better handle missing request variables.  
  • Logging and error emails.  When BugTracker.NET throws an exception, code in Global.asax intercepts the error, writes info to the log, and optionally, sends an email to an address specified in Web.config.   So, I was getting a dozen emails a day, but I didn't know the user, the User Agent (which browser, or which crawler), etc.   Now I do.   Before, there really wasn't any such thing as an anonymous BugTracker.NET user, but now there is. 
  • The logic for handling email attachments had been trying to create a temporary directory - actually, even when there weren't any attachments.   My code wasn't granted permission to do that by GoDaddy.   So, I fixed the logic to instead used a directory that I had created beforehand.
  • It took me a while to release that GoDaddy's SMTP server listens on port 80, not 25.

In addition to all the these fixes, I also tried to make some cosmetic changes.   Making the demo public, it was like I was getting dressed to go on a first date with a girl rather than just throwing on sweatpants to go buy some groceries.   Actually, I think back in the day I probably did just throw on some sweatpants for some of those first dates...

Tags:

Comments

4/30/2009 11:06:49 PM #

Hello Corey,
First, Great bug tracking app.  the speed, ease of configuration, expandability, and usability are wonderful for our agile development environment where it is all about going 'lean'.  

Secondly, I had a few questions regarding setting bugtracker.net up on a godaddy hosted account.
1. You mention the key "enableViewStateMac" above.  I didn't see it in the web.config file. So this needs to be added in the web.config file?  
  <system.web>
          <customErrors mode="Off"/>
          <pages enableViewStateMac="false" />
2. When setting up the 1 Virtual Dir for "btnet", I have 3 options, I only selected "allow anonymous" and "set application root".  Is this correct?

Overall it was extremely easy to set up on a true IIS server, but setting it up in a hosted environment took a while longer, still not done yet.  Database setup was pretty straightforward.

*setting customerrors mode to off let me see that I needed to set the virtual dir as an application root, or else I got an error with <sessionState mode="InProc" timeout="120"/> which can be caused by a virtual directory not being configured as an application in IIS.

Thanks again,
Phill

***Using v3.1.6 and IIS 7

phill |

6/15/2009 9:33:17 PM #

Corey, I am having the same issue when trying to host your app on godaddy as the comment above mine here. I am getting app to machine error. Normally I would just "create" an application in IIS and the issue goes away but godaddy is limiting.

How did you get past this issue when you hosted your bugtracker at godaddy?

Thanks,
Tim

Tim |

6/30/2009 2:55:48 AM #

This is what I did on my GoDaddy account running IIS7:
Go to Hosting Control, Content, IIS Management, "check" the directory the tracker resides in, click Advanced icon, "check" Application root.

Hope this helps

Michael |

6/25/2009 4:29:44 AM #

Corey, I was able to successfully get bugtracker.net working with iwishost.com.  Took some time to get the connectionstring sorted out but after that, it worked like a charm.  iwishost is like 2 bucks a month or something.

I LOVE the software you have built for us!  Thanks so very much.  Takes me mere seconds now to submit a bug using bugshooting and then go in and set priority, project, status once the bug is opened. My team loves the software and finds it a pleasure to use.  

LOVE LOVE LOVE it!!

Mayur Jobanputra |

6/30/2009 3:02:54 AM #

GoDaddy doesn't allow you to setup up your databases on the fly with the install.aspx. You have to create the database manually, which I've done.

I need help creating the databases tables though.  Is the a separate sql script available to create the tables?  I looked at dbutils.cs but could determine how it created the needed table structure.

Any suggestions and assistance would be greatly appreciated.

Michael |

6/30/2009 3:10:36 AM #

Nevermind.  I found the setup.sql file.  I'm good to go!

Michael |

7/13/2009 9:35:43 PM #

Pingback from answerspluto.com

list of urls 4 « Answers Pluto

answerspluto.com |

Comments are closed

Powered by BlogEngine.NET 1.5.0.7

RecentComments

Comment RSS