Delta unofficial PNR viewer
#91
Join Date: May 2009
Location: Seattle, WA
Programs: DL Diamond 1.7MM, Starlux Insighter, Bonvoy Titanium, Hilton Gold, Hertz PC
Posts: 3,947
Looks like DL asked for this to be disabled again. Pretty lame, but pretty much par for the course that they can't get a simple filter deployed in a week (nevermind that they didn't have filtering in place to begin with on a public, unsecured API).
Of course, the need for pnr.sh is a problem of Delta's making to begin with. If DL would just plumb through record locators for other airlines to the web view for your reservation, like every other airline does, we wouldn't need this tool to begin with.
Of course, the need for pnr.sh is a problem of Delta's making to begin with. If DL would just plumb through record locators for other airlines to the web view for your reservation, like every other airline does, we wouldn't need this tool to begin with.
#92
Original Poster
Join Date: Nov 2018
Location: San Francisco
Programs: DL
Posts: 466
Looks like DL asked for this to be disabled again. Pretty lame, but pretty much par for the course that they can't get a simple filter deployed in a week (nevermind that they didn't have filtering in place to begin with on a public, unsecured API).
Of course, the need for pnr.sh is a problem of Delta's making to begin with. If DL would just plumb through record locators for other airlines to the web view for your reservation, like every other airline does, we wouldn't need this tool to begin with.
Of course, the need for pnr.sh is a problem of Delta's making to begin with. If DL would just plumb through record locators for other airlines to the web view for your reservation, like every other airline does, we wouldn't need this tool to begin with.
#96
Join Date: Feb 2019
Posts: 3,097
I'm not sure what potential threat you're worried about using the pnr.sh website that wouldn't also be a problem if you grabbed a container image that someone else built.
#97
Join Date: May 2009
Location: Seattle, WA
Programs: DL Diamond 1.7MM, Starlux Insighter, Bonvoy Titanium, Hilton Gold, Hertz PC
Posts: 3,947
If the github repo contained a Dockerfile, you could briefly audit the code yourself to confirm it is doing what you expect and not performing any surreptitious logging, then clone the repo and quickly build the container image yourself from scratch. Seems like a reasonable mitigation to me. If the upstream base golang image is compromised, there are much more fundamentally bad things going on in the world.
#98
Join Date: Feb 2019
Posts: 3,097
The most obvious would be a remote server retaining logs of form post data containing names and record locators. dflyer00 has said this isn't occurring, and I trust them given their transparency in the github repo, but it's also reasonable to want to run the code locally to verify that for yourself.
If the github repo contained a Dockerfile, you could briefly audit the code yourself to confirm it is doing what you expect and not performing any surreptitious logging, then clone the repo and quickly build the container image yourself from scratch. Seems like a reasonable mitigation to me. If the upstream base golang image is compromised, there are much more fundamentally bad things going on in the world.
#101
Join Date: Jun 2012
Location: Michigan
Programs: DL PM
Posts: 855
One nugget I found before the remarks were shut down is a note of DUPE. I have a couple nested trips coming up--I'm bringing young relatives to visit and since they've never flown before I'm going to accompany them. So I fly down alone, pick them up and fly home with them on a different tick (all on the same day) and then fly back on the second ticket with them, and then fly home alone on the first ticket (again on the same day). Both PNRs had a DUPE note with reference to the other's PNR.
#102
Original Poster
Join Date: Nov 2018
Location: San Francisco
Programs: DL
Posts: 466
Yeah, Delta has been re-enabled on the site as they let me know today that they have filtered the information they would like to. Luckily, it seems they kept the OA_REC_LOC flag in the reservation, so you should still be able to retrieve other airline PNRs. It's a bit of a pain to read though, on AF my record locator is XXXXXX in: "1MUC1AXXXXXX/NYCAF08AA/3399312/NYC/AF/A/US//SU". Maybe I can parse this out if I can figure out what everything else means.
#104
Join Date: Nov 2008
Programs: DL PM
Posts: 124
Yeah, Delta has been re-enabled on the site as they let me know today that they have filtered the information they would like to. Luckily, it seems they kept the OA_REC_LOC flag in the reservation, so you should still be able to retrieve other airline PNRs. It's a bit of a pain to read though, on AF my record locator is XXXXXX in: "1MUC1AXXXXXX/NYCAF08AA/3399312/NYC/AF/A/US//SU". Maybe I can parse this out if I can figure out what everything else means.
When I looked up a DL PNR for AF flights, it had the exact same info as you (except for the AF PNR of course)
#105
A FlyerTalk Posting Legend
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,331
Yeah, Delta has been re-enabled on the site as they let me know today that they have filtered the information they would like to. Luckily, it seems they kept the OA_REC_LOC flag in the reservation, so you should still be able to retrieve other airline PNRs. It's a bit of a pain to read though, on AF my record locator is XXXXXX in: "1MUC1AXXXXXX/NYCAF08AA/3399312/NYC/AF/A/US//SU". Maybe I can parse this out if I can figure out what everything else means.