How Can I Know This Site Doesn't "Phone Home"? 2

[kjv1611]

I figured this may be one of the better spots to ask this question. The site is for MS SQL Server development, but my question is more website code related. I've built a few small websites, but have avoided html,php, etc code for the most part, due to time constraints, rather relying almost totally on prebuilt tools.

Anyway, the question I have is that this site states you can safely post any SQL code here, and it will not be sent anywhere when it is diagnosed, but rather the code will be diagnosed totally locally in your browser window.

So, can anyone here help me look into the page source to verify whether this claim is true or not?

Thanks for any info, shots, at this..

http://supratimas.com/?utm_source=sqlsearch&utm_medium=ui

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

 

[ChrisHirst]

So, can anyone here help me look into the page source to verify whether this claim is true or not?

NO!


HTML, CSS and javascript CANNOT do any of those things so looking at the client side source code will tell you absolutely nothing at all.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

 

[kjv1611]

Well, there's enough answer for me. Thanks! So I'll just assume it IS sending something home, though it's possible it doesn't. I don't want to trust the site designer, and then find out...oops, well they did send SOME pieces outside my browser window.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

 

[spamjim]

It is easy to diagnose this yourself. Load the page (or copy all the source components locally) and then disable your network connection. If it still works, then the claim is true.

I tried a few clicky-clicks with junk data and did not see any headers passed in my browser.

I'm not sure what Chris is looking at but I see a lot of JS that is able to process local data.

There may be a misunderstanding of what this page does. You cannot simply "post any SQL code". The demo video shows what it does.

The bigger question is, what are you trying to do?

 

[kjv1611]

Yeah, my initial impression was that I could post SQL code and it'd figure it out, but apparently you have to export SQL plan files instead, and use those on the page.. So in the end, I probably wouldn't end up using it anyway... in my current role.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

 

[spamjim]

What SQL code do you need to figure out? Typically, it is the role of the computer to figure out your SQL code. Are you just looking to learn SQL?

 

[kjv1611]

No, just thought I'd try the tool - saw it in a list from the redgate MS SQL Server site. They apparently build several SQL Server Plugins, and I thought that one sounded interesting. Then I realized had to use a plan file, and best I recall, I do not even have access to build one. My role is as an analyst, and MOST things I don't need are locked down tight.

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57

 

[ChrisHirst]

f JS that is able to process local data.

Maybe but you cannot tell from that IF the data is being sent to a third party.

Anyway, the question I have is that this site states you can safely post any SQL code here, and it will not be sent anywhere when it is diagnosed

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

 

[MakeItSo]

If this helps you, the site is obviously hosted by
MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US (registered Mar 31, 1997)

So this seems as legit as they come.

“Knowledge is power. Information is liberating. Education is the premise of progress, in every society, in every family.” (Kofi Annan)
Oppose SOPA, PIPA, ACTA; measures to curb freedom of information under whatever name whatsoever.

 

[spamjim]

Maybe but you cannot tell from that IF the data is being sent to a third party.

Right, I was only noting that the data could be processed locally with JS. The monitoring of my browser headers is what told me that there was nothing being transferred outside of my computer.

These are useful tools for watching what is transferred by a browser:

http://www.blunck.info/iehttpheaders.html

(Internet Explorer)

https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/

(Firefox)

https://chrome.google.com/webstore/detail/live-http-headers/iaiioopjkcekapmldfgbebdclcnpgnlo?hl=en

(Chrome)

If this helps you, the site is obviously hosted by
MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation,US (registered Mar 31, 1997)

So this seems as legit as they come.

Maybe, maybe not. This may be the same info provided by a hosting provider, which Microsoft is (Azure, etc). One of the biggest exploits I saw on my servers this year came from "Microsoft" hosted servers. The Microsoft name on a whois record does not imply security.