Comments
-
AllenII 1617 7y Now that is REALLY BAD--I'm certain that can cause legal trouble on the dev's part, at least I personally believe that should be the case for blatant disregard for security. @Godisalie, I agree that some sort of developer certification/licensing would be nice. But at the same time, I don't see it making much difference in the grand scheme of things due to smaller people (and cheap bigger businesses) still using the lowest bidder, what say you?
-
@AllenII Honestly, I just want a licensing system close to driver's licenses, something that just shows that the page was made by someone who knows how to handle your data. Ideally enforced by the big search engines. You prove you know your shit, you can generate tokens; any page without a valid token doesn't get indexed and people won't throw out their data to a fucking hack. If a company goes with the lowest bidder, let them, but protect their customers by not showing that thing.
-
AllenII 1617 7y @Godisalie I see, that makes a lot of sense; especially the part about the major search engines taking the lead on enforcement
Yesterday my father called me and asked if I'd have a look at his website to exchange his logo with a new one and make some string changes in the backend. Well, of course I did and hell am I glad I did it.
He had that page made a few years ago by some cousin of a friend who "is really good with computers", it's a small web shop for car parts and, as usual, customer accounts. Customer accounts with payment info.
Now I've seen a lot of bad practices when it comes to handling passwords and I've surely done a few questionable things myself, but this idiot took the cake. When a new account was registered his PHP script would read the login page, look for a specific comment and add a string "'account; password'," below it into a JS array. In clear text. On the website. One doesn't even have to breach the DB, it's just there, F12 and you got all the logins.
Seriously, we really need a licensing system for devs, those were two or three years this shit was live, 53 accounts... Now I've gotta decipher this entire bowl of spaghetti just to see if he has done any more unspeakable things.
idiots
stupidity beyond belief
security 101
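The pattern described in the rant (credentials appended in clear text to a JS array in the login page) replaced by server-side hashing and verification, as an added example that is not part of the original post or the shop's code. The table layout, function names and sample accounts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; the rant does not show the shop's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (account TEXT PRIMARY KEY,
    pw_hash TEXT NOT NULL, must_reset INTEGER NOT NULL DEFAULT 0)');

// Registration: keep only a salted, slow hash, server-side. Nothing is
// written into a file that the web server hands to browsers.
function register(PDO $db, string $account, string $password): void
{
    $stmt = $db->prepare('INSERT INTO customers (account, pw_hash) VALUES (?, ?)');
    $stmt->execute([$account, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the comparison runs on the server; the browser only learns yes or no.
function login(PDO $db, string $account, string $password): bool
{
    static $dummy = null; // verified for unknown accounts to keep timing similar
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $stmt = $db->prepare('SELECT pw_hash, must_reset FROM customers WHERE account = ?');
    $stmt->execute([$account]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = password_verify($password, $row ? $row['pw_hash'] : $dummy);
    return $row !== false && $ok && (int) $row['must_reset'] === 0;
}

// Migration: passwords that sat in page source count as compromised, so only
// the account names are imported; each gets a random hash and a forced reset.
function migrateExposed(PDO $db, array $accounts): void
{
    $stmt = $db->prepare(
        'INSERT INTO customers (account, pw_hash, must_reset) VALUES (?, ?, 1)');
    foreach ($accounts as $account) {
        $secret = bin2hex(random_bytes(32));
        $stmt->execute([$account, password_hash($secret, PASSWORD_DEFAULT)]);
    }
}

// Constructed sample accounts, not data from the shop.
register($db, 'alice@example.test', 'correct horse battery staple');
migrateExposed($db, ['bob@example.test']);
var_dump(login($db, 'alice@example.test', 'correct horse battery staple'));
var_dump(login($db, 'alice@example.test', 'wrong password'));
var_dump(login($db, 'bob@example.test', 'anything'));
```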