- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Oh SURE it is.. .NET allows any abacus-toting moron to think they're a computer scientist.
Thanks, Microsoft!! *-)
Admin
George, name-calling won't get you anywhere with me. Furthermore, I'd appreciate it if you kept your cursing private messages to yourself. I honestly don't understand why you thought it was okay to use such language in this forum which many access from work.
sincerely,
Richard Nixon
Admin
Oh, boo hoo.
Suddenly, Mr. Nixon is the lone voice of maturity and reason, standing up for what he believes in. I don't have to cover anyone who should be doing work in the first place. If it's OK with them to not do their job, I trust they can deal with whatever consequences arise.
I'll be glad to apologize to anyone who was seriously offended, but not to someone who does nothing but troll around looking for grammatical and spelling errors.
Admin
It used to, by default. But they realized years ago how dangerous that was and changed the default behaviour:
http://de3.php.net/manual/en/security.globals.php
Admin
I don't know of any nice way to put this. You have gone insane. Please report to the nearest asylum for commitment.
Admin
When you write crap code, you get nonexistent security, and it doesn't matter what language are you using. Adding "$auth = false;" at the top or "else $auth = false;" after the conditional would fix everything. Checking a value of an uninitialized variable raises a warning, so if the guy cared enough to test what happens if he inputs a wrong password, he would see it. It really isn't that difficult to write secure PHP code, even with register_globals on. There are lots of functions to aid this (i.e. mysql_real_escape_string, pg_escape_string, addslashes, mysqli->prepare, etc.) and manual topics on this.
Admin
It's an obfuscated (as in, less blatantly obvious) version of the classic admin=false.
If I understand the point of the original post correctly, anyone can make a donation anonymously (without logging on), but admins have to log on in order to see the credit card numbers of the donors, and process the received donations...
Admin
I downloaded the beta of IE7. I was impressed. It took all of fifteen minutes before I deleted it from my computer.
I had a bet with myself that it wouldn't even run.
I use IE because all of the web-sites at work require it. Of course, I had to set security so high that the Disney site is about the only one that loads without warnings.
Admin
It's a good job he hadn't tried using POST requests as that would have hidden the LOGGED_ON=NO, and made the problem less visible. I have seen this used as a way of avoiding the admin=false problem.
It really doesn't take much more to break that one either.
Also seen a site where it stores your username as a cookie and uses that for authentication - so set your own cookie and off you go.
Admin
Your childish diatribes are ok at work i assume...
Admin
Admin
I worked at a company that had the same "technic" to provide security to webpages...
When i explained my worries about the security issues the answer i got was that the user would have to be a good hacker to figure this out. that solution worked for them in the past and they still continue to use this "technic"