January 30, 2007 1:51 AM
by Ed Kisinger
I still can't believe that developers do not program securely, especially when they have all these great tools and best practices easily available. I just wanted to share a quick "WTF" with a recent experience I had.
I am currently looking for a house, so naturally I am calling all sorts of agents to get info and pictures before I commit to driving to look at the house. For this example, we shall say X1 company supplied me with an email with a hyperlink to view information such as pictures, builder, taxes and layout. So cool, right? Ya, you bet: being able to view all this data at home before wasting my time driving all over the place. But the hyperlink to the home information was a little more interesting: the URL contained their site, www.CompanyX1.com, then the query string: http://www.CompanyX1.com/SearchDetail/AllTheGood/Search.aspx?AgentID=12345&password=IamSoSecure. Bang, no need to call again; I can search all their internal listings (which I did not; I will not deal with a company that is that careless).
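An added example, not code from the original post: a Python check that a team could run over outgoing email templates or access logs to flag links like the one quoted above and redact the credential before the text is stored or sent. The function name, the parameter-name list and the sample email body are assumptions made for this illustration.

```python
import re
from html import unescape
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of credential-like parameter names; extend it for your own apps.
SENSITIVE = re.compile(r"pass(word|wd)|pwd|secret|token|api[_-]?key", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed input: an email body carrying the link quoted in the post.
SAMPLE = ("View your listing: http://www.CompanyX1.com/SearchDetail/AllTheGood/"
          "Search.aspx?AgentID=12345&password=IamSoSecure.")


def audit_links(text):
    """Return (findings, redacted_text) for URLs in text whose query string
    carries a credential-like parameter."""
    findings = []

    def check(match):
        raw = match.group(0)
        url = raw.rstrip(".,;)")          # sentence punctuation, not part of the URL
        tail = raw[len(url):]
        parts = urlsplit(unescape(url))   # HTML mail often writes & as &amp;
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        hits = [k for k, _ in pairs if SENSITIVE.search(k)]
        if not hits:
            return raw                    # leave clean links untouched
        findings.append({"host": parts.netloc, "path": parts.path, "params": hits})
        safe = [(k, "REDACTED" if SENSITIVE.search(k) else v) for k, v in pairs]
        return urlunsplit(parts._replace(query=urlencode(safe))) + tail

    return findings, URL_RE.sub(check, text)


if __name__ == "__main__":
    found, redacted = audit_links(SAMPLE)
    for f in found:
        print("credential in URL:", f["host"], f["path"], f["params"])
    print(redacted)
```

Matching is on parameter names only, so a secret passed under an innocuous name is not caught; the check complements, rather than replaces, moving credentials out of the URL.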
Hi! I am Ed Blankenship and a Product Manager at Microsoft for Visual Studio Online, Team Foundation Server, and the Application Lifecycle Management family of tools. I am an author of a few books, former Microsoft MVP of the Year, and a former ALM consultant.