Actually, I completed the Mongo -> MySQL migration about 3 months ago.
This particular auth mod that went horribly wrong was to address an unlikely scenario that involves confiscation of multiple CS servers (and/or a customer's computer).
Before the mod, the auth script was pretty much the same thing that's @ https://b.unni.es/auth.txt
All I was changing was the wget line to include -U"a user agent" so that any auth requests to that remote CGI would include a specific user agent that the db's webserver could detect so that logs could be disabled for any requests that have that user agent.
Problem was, I completely forgot that in the auth script I uploaded for the public ( https://b.unni.es/auth.txt ), I changed the line:
if [ "$result" == "good" ]; then
from what it originally was, because I didn't want people knowing the real "positive" response from that web server for over-paranoid security reasons.
Since I used the above auth.txt as the baseline, it caused auth failures all around until I noticed the problem and fixed it (which luckily happened fairly quickly).
The reason for this mod is because before, the db's webserver was logging requests, which means if someone were to confiscate that server, they would have the token hash and the exit node's IP and a time stamp, all of which could be used to determine at what time a token was authorized and on which node.
While that doesn't mean the client's IP was ever exposed, it still might be useful in an investigation against a customer if the investigators manage to get traffic logs from that customer's ISP (or if the investigators confiscate the customer's computers), and if those investigators also were able to confiscate the db's web server system (if they were somehow able to figure out where it is).
That scenario is probably never going to happen, but if it does, it'll now be a complete waste of time.
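
An added example, not the operator's script and not code from this post: one way to keep the real "positive" response in a private file instead of in the script, so a sanitized public copy used as a baseline fails with a distinct "misconfigured" status rather than rejecting every token, while the request still carries the fixed user agent via wget -U. AUTH_URL, AUTH_UA, AUTH_OK_FILE, the token query parameter and both function names are assumptions.

```shell
#!/bin/sh
# Added illustration. AUTH_URL, AUTH_UA, AUTH_OK_FILE and the "?token="
# parameter are hypothetical; the real CGI interface is not on the page.

# Compare a server response with the private expected value.
# Returns: 0 = authorized, 1 = rejected, 2 = misconfigured.
auth_decision() {
    ad_response=$1
    ad_ok_file=$2

    # The expected value lives outside the script, so publishing the
    # script never requires editing the comparison line.
    [ -r "$ad_ok_file" ] || return 2
    ad_expected=$(head -n 1 "$ad_ok_file")

    # "good" is the stand-in from the public auth.txt; seeing it (or an
    # empty value) means the private value was never deployed.
    case $ad_expected in
        ''|good) return 2 ;;
    esac

    [ "$ad_response" = "$ad_expected" ] && return 0
    return 1
}

# Ask the remote CGI about a token hash, sending the fixed user agent
# that the db's webserver keys on to skip logging.
check_token() {
    ct_hash=$1
    ct_response=$(wget -q -O - -U "$AUTH_UA" "$AUTH_URL?token=$ct_hash") \
        || return 1
    auth_decision "$ct_response" "$AUTH_OK_FILE"
}
```

A caller can treat status 2 as a deployment error to alert on, which separates "the script is wrong" from "the token is bad".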