Geekzone: technology news, blogs, forums
  # 358400 29-Jul-2010 14:20

dman:
sleemanj: SQL injection is one thing, but this was pretty sloppy, it wasn't just forgetting to escape a string or something, it was sending complete unchecked SQL across the wire.  Even 10 years ago (really, 10 years, in flash?) that would have been pretty obviously a bad idea.
it wasn't just that, they had a whole comedy of errors. Like storing passwords as plain text, no matter how many years we are talking about you can't call that secure


for my forum i was using yetanotherforum.net, an open source asp.net forum, and the first thing i noticed, the passwords were all stored in the db as plaintext. the first thing i did was change them to a seeded md5 hash.

it's not uncommon to do, but i really wish it was.

seriously never going to use their website to make an order, or heaven forbid make a credit card payment through them. 
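
An added example, not part of the original post and not yetanotherforum.net's code: migrating a plaintext password column to per-user salted hashes, the kind of change the post above describes. It swaps in PBKDF2-HMAC-SHA256 from Python's standard library in place of the MD5 the post mentions; the table layout, column names, iteration count and sample accounts are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor, chosen for the example


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 (swapped in for the post's MD5) applies the hash many times.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def migrate_plaintext(conn) -> int:
    """Replace each plaintext password with a per-user salt and hash."""
    rows = conn.execute(
        "SELECT id, password FROM users WHERE password IS NOT NULL").fetchall()
    for user_id, plaintext in rows:
        salt = os.urandom(16)  # unique per user, so equal passwords differ
        conn.execute(
            "UPDATE users SET salt = ?, pw_hash = ?, password = NULL WHERE id = ?",
            (salt, hash_password(plaintext, salt), user_id))
    conn.commit()
    return len(rows)


def verify(conn, name: str, candidate: str) -> bool:
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or row[0] is None:
        return False  # unknown user, or row not migrated yet
    return hmac.compare_digest(hash_password(candidate, row[0]), row[1])


def build_sample_db():
    # Constructed sample data: two accounts sharing one plaintext password.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE,"
                 " password TEXT, salt BLOB, pw_hash BLOB)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "hunter2")])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(migrate_plaintext(db), verify(db, "alice", "hunter2"))
```

Setting the old column to NULL does not remove the plaintext from existing backups or from freed database pages; those need separate handling.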

  # 358444 29-Jul-2010 15:03

reven:
dman:
sleemanj: SQL injection is one thing, but this was pretty sloppy, it wasn't just forgetting to escape a string or something, it was sending complete unchecked SQL across the wire.  Even 10 years ago (really, 10 years, in flash?) that would have been pretty obviously a bad idea.
it wasn't just that, they had a whole comedy of errors. Like storing passwords as plain text, no matter how many years we are talking about you can't call that secure


for my forum i was using yetanotherforum.net, an open source asp.net forum, and the first thing i noticed, the passwords were all stored in the db as plaintext. the first thing i did was change them to a seeded md5 hash.

it's not uncommon to do, but i really wish it was.

seriously never going to use their website to make an order, or heaven forbid make a credit card payment through them. 


CC payments for Hell are now run through a third party called Mobi2Go (a NZ company by the name of Third Screen Interactive).




I finally have fibre!  Had to leave the country to get it though.


 
 
 
 


  # 358484 29-Jul-2010 16:02

yeah but i still won't trust hell with this kind of information any more.

if they came out and admitted it straight up, and not blaming a disgruntled employee i might have had some respect left for them and a bit of trust they would clean up their act.

but they didn't, so i can't trust them. not saying i won't still eat there (love their pizzas), i just won't be using their webapp to order. which is a shame because i only use dominos or pizza hut's webapp when ordering through them (unless on iphone, stupid flash)

  # 358535 29-Jul-2010 16:47

I only ever order pickup with dominos, the email address used has been safe so far, and the "name" I give them is not usually mine.




Richard rich.ms

  # 358615 29-Jul-2010 17:52

richms: I only ever order pickup with dominos, the email address used has been safe so far, and the "name" I give them is not usually mine.

Lol
