Admin
yoku dekimashita = well done
"bakayarou" wa nan desu ka? = what's "bakayarou"?
bakayarou = idiot
Admin
This forum software supports Japanese in posts? OMG! How the hell?
(Must be some sort of side-effect of ASP.net, I suppose; I can't imagine Tellegent bothering with something like that of their own accord...)
Admin
Has anyone heard about what is currently happening in Austria with BAWAG, the 3rd largest bank in Austria?
Admin
This is way out of the scope of the subject but here goes...
After having successfully designed and developed a multilanguage system I've noticed that doing that is actually a lot easier than creating a system where only some language(s) work. It really requires you to do "something" to disable languages, but next to nothing to support them. Doing it correctly, on the other hand, is a bit trickier, that must be granted, but the theory behind a multilanguage UI is mostly a matter of not doing charset-dependent input testing like $whatever =~ /^[a-z\ ]+$/ but instead using character classes like $whatever =~ /^[[:alpha:][:space:]]+$/ ... the first example messes up on most languages other than English, the second one does not. And it wasn't really all that hard after all :)
Oh yes, and I hate double-entering the CAPTCHAs... (first time: APPRENTICE, now: ANALYSIS... how fitting is that)
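The post's two regexes are Perl. The following is an added example, not part of the original post, that runs the same comparison in Python: an ASCII-only allowlist beside a Unicode letter class. Python's re module has neither [[:alpha:]] nor \p{L}, so the letter class is written with the [^\W\d_] idiom, and the input is NFC-normalised first so that a decomposed accent is not mistaken for a non-letter. The sample names are constructed for the demonstration.

```python
"""Charset-aware input validation: ASCII allowlist versus Unicode letters.
Added example; the post's regexes are Perl, this is Python."""
import re
import unicodedata

# The ASCII-only check from the post, transliterated to Python (fullmatch
# supplies the anchors).  Note it also rejects capital letters.
ASCII_NAME = re.compile(r"[a-z ]+")

# Unicode-aware replacement.  [^\W\d_] is the standard re idiom for "a letter
# in any script": a \w character that is neither a digit nor an underscore.
# Words are separated by single Unicode whitespace characters, which also
# rejects leading, trailing or doubled separators.
UNICODE_NAME = re.compile(r"[^\W\d_]+(?:\s[^\W\d_]+)*")


def is_valid_name_ascii(name: str) -> bool:
    return ASCII_NAME.fullmatch(name) is not None


def is_valid_name_unicode(name: str) -> bool:
    # Normalise first: a decomposed "e" + U+0301 is a letter followed by a
    # combining mark (category Mn), which the letter class would reject.
    return UNICODE_NAME.fullmatch(unicodedata.normalize("NFC", name)) is not None


# Constructed sample inputs (not from the original page).
SAMPLES = [
    "john smith",                # plain English
    "José García",               # Latin with diacritics
    "Müller",
    "山田 太郎",                   # Japanese, no Latin letters at all
    "Jose\u0301",                # "José" in decomposed form
    "O'Brien",                   # apostrophe: rejected by both, see note
    "R2D2",                      # digits
    "",                          # empty
    "x'); DROP TABLE users;--",  # injection attempt
]


def compare(samples=SAMPLES):
    """Return {input: (ascii_result, unicode_result)} for each sample."""
    return {s: (is_valid_name_ascii(s), is_valid_name_unicode(s)) for s in samples}


if __name__ == "__main__":
    for name, (ascii_ok, unicode_ok) in compare().items():
        print(f"{name!r:32} ascii={ascii_ok!s:5} unicode={unicode_ok}")
```

The Unicode class is still an allowlist, not a free pass: "O'Brien" fails both checks, so a real name field needs an explicit decision about apostrophes, hyphens and similar punctuation rather than a wider class.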
Admin
I'd love to have a look at how that site works. I have a feeling that to someone who actually knows Japanese, it would be just as much of a WTF as some of the code here. Honestly, that thing is apparently about as useful as pulling random words out of a Japanese dictionary. With babelfish the result at least usually has a vague resemblance to the correct translation. That site most definitely can NOT "translate simple phrases or give you the general subject of a sentance", not even close. sentance indeed.
Admin
<grin> it's probably what they use (in reverse) to generate subtitles and instruction manuals?
Admin
LOL [:D]
And couldn't be bothered logging in, because:
annonymous
Admin
... some clever mind (or company) once created this "software". What happens after the assessment company tells you you've got the worst written, most insecure web app ever? Do you sue the builders of this web app? Chop their heads off?
I've seen projects go miserably wrong (though never this bad!): 1.5 years of development with 8 people straight down the drain with absolutely nothing to show for it. I was really surprised that no one got fired or demoted or anything. "That didn't go too well... wanna give it a go at another project?".
Admin
Can't agree there. Too many libraries and fundamental things like entire languages still take it for granted that the charset is an ASCII derivative or assume that a character = one byte (like, for example, the C spec). Therefore, it becomes rather difficult to AVOID doing one of the numerous things that will break compatibility with languages that use non-ASCII charsets. It gets much worse when you have to deal with varying charsets where you have to make conversions and have to know which charset you're dealing with in order to do it correctly.
Admin
"Really, why is it companies keep hiring 2 bucks per day programmers to handle costumer data.... THAT is a WTF itself... The rest is WTF by inheritance."
is that someone who plays dressup a lot? :-)
Admin
"ViewStatement.jsp - Responsible for displaying electronic versions of the monthly statements, this page was always called with a single querystring parameter: StatementId. And because StatementIds were sequential ... you can pretty much see where that went."
I think I'm misunderstanding something here, is there a dangerous security issue relating to sequential IDs in a database? Can someone explain the WTF in this statement? I get all the other deplorable WTFs in there though, don't you worry...
Admin
Without further checks, it's too easy to guess other StatementIds. Large randomly generated IDs might help a bit, but double-checking "does the currently logged-in user have the right to see this statement?" is the way to go.
Admin
Oh darn, I do these security audits for a living and this example is just marvelous. The first thing you do when auditing is check the cookie contents. This audit could be finished in less than 15 minutes if you know where to start.
This is definitely a WTF story since these examples don't show up so often anymore. You could go to hotscripts.com and download almost any web shop software and get a tested and more secure solution from there.
We did encounter a couple of these examples earlier on but haven't really seen anything this stupid in a few years. And that's quite a few audits ago. LOL.
Admin
Personally, I would never trust pseudo-random record IDs to protect data, and if I ever caught someone doing that, I'd brain them with a shovel. This site has really opened my eyes to the true nature of modern bad code, and the fact that it's a lot more widespread than any one person could ever know!
btw, this forum software is ack! It's the content that matters though, not the server software...
Admin
If the random generator is really good, the pseudo-random IDs are not easier to guess than a password. On the other hand, it's much more likely that those IDs are exposed somewhere - query strings, cookies, cache etc. So I guess you are right, at least when security is critical.
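The two threads above (guessable sequential StatementIds, and random IDs that are unguessable but leak through query strings and logs) are illustrated by the following added example. It is not the page's ViewStatement.jsp; it is a Python stand-in using an in-memory SQLite table, and the table name, its columns (id, token, owner, body), the customer names, the constructed access-log line and the 128-bit token scheme are all assumptions made for the demonstration.

```python
"""Sequential StatementIds, random ids, and the ownership check.  Added
example, not the page's ViewStatement.jsp: the statements table, its columns
and the in-memory SQLite database are assumptions for the demonstration."""
import re
import secrets
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: four statements for three customers.  `id` is
    the sequential key from the post; `token` is a 128-bit random alternative."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE statements ("
        " id INTEGER PRIMARY KEY, token TEXT UNIQUE, owner TEXT, body TEXT)"
    )
    rows = [("alice", "alice/2006-01"), ("bob", "bob/2006-01"),
            ("carol", "carol/2006-01"), ("alice", "alice/2006-02")]
    db.executemany(
        "INSERT INTO statements (token, owner, body) VALUES (?, ?, ?)",
        [(secrets.token_urlsafe(16), owner, body) for owner, body in rows],
    )
    return db


def view_by_id_insecure(db, statement_id: int):
    """ViewStatement.jsp as the post describes it: the only input is
    StatementId, and nothing ties it to the logged-in user."""
    row = db.execute("SELECT body FROM statements WHERE id = ?",
                     (statement_id,)).fetchone()
    return row[0] if row else None


def view_by_token_insecure(db, token: str):
    """Same logic with an unguessable id: enumeration no longer works, but
    anyone holding the token still gets the statement."""
    row = db.execute("SELECT body FROM statements WHERE token = ?",
                     (token,)).fetchone()
    return row[0] if row else None


def view_statement(db, session_user: str, statement_id: int):
    """Hardened: the row must belong to the authenticated user.  session_user
    is taken from the server-side session, never from the request."""
    row = db.execute(
        "SELECT body FROM statements WHERE id = ? AND owner = ?",
        (statement_id, session_user)).fetchone()
    return row[0] if row else None


def enumerate_ids(fetch, id_range=range(1, 11)):
    """Walk the id space with whatever fetch function the app exposes and
    collect every statement that comes back."""
    hits = []
    for sid in id_range:
        body = fetch(sid)
        if body is not None:
            hits.append((sid, body))
    return hits


def token_for(db, owner: str) -> str:
    return db.execute("SELECT token FROM statements WHERE owner = ?",
                      (owner,)).fetchone()[0]


# Constructed access-log line: the random id leaks exactly the way the post
# warns about, via the query string written to proxy or server logs.
LOG_PATTERN = re.compile(r"GET /ViewStatement\.jsp\?StatementId=([A-Za-z0-9_-]+)")


def leaked_log_line(db) -> str:
    return (f'10.0.0.7 - bob [12/Mar/2006:10:01:22 +0100] '
            f'"GET /ViewStatement.jsp?StatementId={token_for(db, "bob")} HTTP/1.1" 200 8190')


def token_from_log(line: str):
    m = LOG_PATTERN.search(line)
    return m.group(1) if m else None


if __name__ == "__main__":
    db = build_db()
    # An attacker logged in as "carol" walks the sequential ids.
    print("sequential ids, no owner check:", enumerate_ids(lambda i: view_by_id_insecure(db, i)))
    print("sequential ids, owner check:   ", enumerate_ids(lambda i: view_statement(db, "carol", i)))
    # Random tokens stop the walk, but a token found in a log is as good as a password.
    leaked = token_from_log(leaked_log_line(db))
    print("leaked token, no owner check:  ", view_by_token_insecure(db, leaked))
```

The owner column in the WHERE clause is the control; the random token only changes how the attacker obtains an id, not what the id entitles them to once they have it.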
Admin
I usually just lurk but this one forced me to register just to say "wow".