The Ramblings of Two Microsoft .NET Developers, TFS, and Visual Studio ALM Guys --- "Yes, we are both named Ed."

Security



I still can't believe that developers do not program securely, especially when they have all these great tools and best practices easily available. I just wanted to share a quick "WTF" with a recent experience I had.

I am currently looking for a house, so naturally I am calling all sorts of agents to get info and pictures before I commit to driving to look at the house. For this example, we shall say X1 company supplied me with an email with a hyperlink to view information such as pictures, builder, taxes and layout. So cool, right? Yeah, you bet, being able to view all this data at home before wasting my time driving all over the place. But the hyperlink to the home information was a little more interesting: the URL contained their site, www.CompanyX1.com, then the query string: http://www.CompanyX1.com/SearchDetail/AllTheGood/Search.aspx?AgentID=12345&password=IamSoSecure. Bang, no need to call again; I can search all their internal listings (which I did not; I will not deal with a company that is that careless).

Crazy?

Ed K.
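The kind of link described above can be caught before it leaves the building. This is an added example, not code from the original post: a check over outbound text (email bodies, templates, logs) that flags URLs carrying a credential in the query string and returns them redacted. The parameter-name list and the sample email wording are assumptions; the URL is the one quoted in the post.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as secrets (assumed list; extend for your application).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "secret",
                    "token", "apikey", "api_key"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def find_credential_urls(text):
    """Return (redacted_url, [leaked parameter names]) for every URL in
    `text` whose query string carries a sensitive parameter."""
    findings = []
    for match in URL_RE.finditer(text):
        # Drop sentence punctuation that the regex swallowed at the end.
        url = match.group(0).rstrip(".,;:)!?")
        parts = urlsplit(url)
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        leaked = [k for k, _ in pairs if k.lower() in SENSITIVE_PARAMS]
        if not leaked:
            continue
        # Keep the parameter names so the finding is actionable,
        # but never copy the secret value into a report or log.
        redacted = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
                    for k, v in pairs]
        clean = urlunsplit(parts._replace(query=urlencode(redacted)))
        findings.append((clean, leaked))
    return findings


# Constructed sample message; only the first URL comes from the post.
SAMPLE_EMAIL = """\
Hi Ed, here are the pictures, builder, taxes and layout:
http://www.CompanyX1.com/SearchDetail/AllTheGood/Search.aspx?AgentID=12345&password=IamSoSecure.
Public listing page: http://www.CompanyX1.com/listing?id=42
"""

if __name__ == "__main__":
    for url, names in find_credential_urls(SAMPLE_EMAIL):
        print(names, url)
```

A check like this only detects the leak; query strings are also recorded in mailboxes, browser history, and proxy and server logs, so the credential belongs in an authenticated session rather than in the link.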
