Pastimes : SI Trouble Makers

To: arno who wrote (54), 5/22/2000 4:32:00 PM
From: Green Receipt

If pointing out flaws on this site and forcing them to fix the problem is something wrong, then I guess I get your label.

But had I chosen to do nothing, the hole would be there for someone to exploit and not reveal....

It took 15 minutes of my time to find the problem. Just think if SI had spent some time, a few minutes at most, when they wrote version 2, this security hole would have never existed in the first place.

I've worked on many projects where management will tell you (the developer) errors won't happen and they'll specifically tell you to ignore the "what if this happens" scenario. I doubt the developers were that lazy to not check parameters and validate stuff. No, instead probably they were told not to validate the input and just assume the supplied data would always be perfect. But that doesn't work in the real world.

You don't let bad input jeopardize your database. Instead it's good to validate input to the database before you perform the action.

So again I say, if this is what it takes to get SI to take security seriously, then call me a trouble maker. In the past I have made a lot of suggestions to SI on what they could do to improve security, and this is one of the few times when they took the effort to close the hole.

It's much more cost effective when designing a system to include security issues right from the beginning. It's much harder to have to apply fixes (band-aids) after the software has been developed.

David

Oh and I found a PM hole before:

duneram.com

that's what SI's reaction was before when I reported the problem.