- 2026-06-05-tom-message-draft.md: Mike's final relief-framed wording
- 2026-06-05-quo-sql-fix-list.md: 80 live quo call sites across 15 files (C3)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Draft message to Tom (Mike's final wording, 2026-06-05)

**Channel:** direct email or Teams/Slack to Tom — NOT buried in the #32378 security ticket.

**Tone:** partnership / not-a-fire-drill; one concrete bounded ask (the 59-ish SQL queries, with line numbers).

---

**Subject:** Glaztech site — we're in this with you

Hi Tom,

We know the last few days have been stressful — the security scan dropped a real bomb in your lap, and we don't take that lightly. Believe me when I say we're here to help: to keep Glaztech safe, and to help you with the security side of the network and the site. You've kept this running for a long time — we're not here to second-guess any of that. We're here to take the security weight off your shoulders and work it with you.

Here's the reassuring part, now that we've had time to dig in: this doesn't have to be a fire drill. What the deeper look showed is that the site, the GTIware tools, and the database all tie together pretty tightly — and because of that, the right move is a calm, staged plan, not a rushed scramble. We handle the urgent, self-contained pieces on our side right away, and work through the rest methodically, together, without disrupting your day-to-day. At least as much I can, I'll try not to be a nuisance.

So here's what we're proposing.

The heavy infrastructure security is squarely our lane, and we'll carry it:

• Locking down the server and tightening the database permissions

• Putting a web application firewall in front of the site

• Tightening the network/firewall around the database server

And there's one place where your knowledge of the app is exactly what's needed — and where we'd be working side by side with you. There's a specific set of ~59 older SQL queries in the site that build their statements by stitching text together; switching those to use parameters is the single highest-value code change for hardening the site. It's contained and repetitive — no redesign, no new frameworks. I'll get you the exact changes I need, down to the line number if that helps, so you can review them and make the changes.

Down the road there's a bigger item — modernizing how saved cards/payments are handled — but that's a project we'll plan and scaffold with you when there's bandwidth. No rush; we'll carry the legwork.

Bottom line: you're not on the hook to become a security expert overnight, this isn't a five-alarm scramble, and you're not in this alone. We've got the infrastructure side, we'll hand you a clear, bounded list for the code piece, and we'll work it together at a sane pace. Let me know a good time to connect.

Thanks,

Mike / Arizona Computer Guru

---

### Notes for Mike

- Optional tiny grammar fix in para 3: *"At least as much **as** I can, I'll try not to be a nuisance."* — left your wording as-is otherwise.

- **Prerequisite before sending:** the exact line-number list for the SQL queries — ACG grep in progress (80 live `quo()` call sites found on WWW; producing the per-file:line list now). The message promises "down to the line number," so have it ready when Tom replies.

- Held back deliberately (minimal first ask): the customer-vs-employee path-map review and the `/emp/` VPN-gating — raise separately/lighter later.
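
The call-site inventory the notes describe (the per-file:line list of live `quo()` calls that the message promises Tom), as an added example that is not part of this page or of ACG's own tooling: a small scanner run over constructed sample sources. The file names, the line syntax and the comment markers it skips are assumptions; only the `quo()` helper name comes from the page.

```python
import re

# Constructed sample sources (not the real site's files): a few legacy lines
# that assemble SQL by concatenating text around a quoting helper quo().
# The helper name comes from the page; the snippets and syntax are invented.
SAMPLE_FILES = {
    "www/orders.src": (
        'sql = "SELECT * FROM orders WHERE cust_id = " + quo(custId)\n'
        'sql = "SELECT * FROM orders WHERE status = \'open\'"\n'
        '// sql = "DELETE FROM orders WHERE id = " + quo(oldId)\n'
        'sql = "UPDATE orders SET note = " + quo(note) + " WHERE id = " + quo(orderId)\n'
    ),
    "www/emp/lookup.src": (
        'q = "SELECT name FROM emp WHERE badge = " + quo(badge)\n'
        'log("lookup by " + badge)\n'
    ),
}

QUO_CALL = re.compile(r"\bquo\s*\(")           # a call to the quoting helper
COMMENT_LINE = re.compile(r"^\s*(//|#|'|--)")  # assumed comment markers

def find_quo_call_sites(files):
    """Return (path, line_no, n_calls, source_line) for every live line that
    calls quo(); commented-out lines are skipped so the count is of live sites."""
    sites = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            if COMMENT_LINE.match(line):
                continue
            n = len(QUO_CALL.findall(line))
            if n:
                sites.append((path, line_no, n, line.strip()))
    return sites

def summarize(sites):
    """Totals in the form the notes use: live quo() calls and files touched."""
    calls = sum(n for _, _, n, _ in sites)
    files = len({path for path, *_ in sites})
    return calls, files

def format_report(sites):
    """One file:line entry per affected line, ready to hand over for review."""
    return "\n".join(f"{p}:{ln}  ({n} quo call{'s' if n > 1 else ''})  {src}"
                     for p, ln, n, src in sites)

if __name__ == "__main__":
    found = find_quo_call_sites(SAMPLE_FILES)
    print(format_report(found))
    print("%d live quo() calls across %d files" % summarize(found))
```

Each reported line is one of the stitched statements to convert to a parameterized query; the report gives the reviewer the file and line without touching the code.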