Admin
Has the companyID in the code been anonymised or did the haxx0r that guffed out that code actually use '31337'?
Admin
I find that if you quote the server specs for something able to run Oracle you'll get a moan of pleasure from the DBA every time.
Admin
Mmm, SQL injection vulnerabilities.
At my last job we had the classic "problem" developer. He was reprimanded several times for poor hygiene, including one occasion where he returned from meeting a big client and his BO was so bad I actually dry heaved when he walked past me.
Anyway, I digress. Not only was he a stinky git, he was also a poor developer. He designed one web application where the JSP page passed back a string that was then tacked onto the end of an SQL query using the regular Java string concatenation. This extra string formed the where clause of the query. I explained to him that this was an SQL injection vulnerability and got the blank-eyed stare of the ignorant. I demonstrated the vulnerability by deleting a table in his development database, and then showed him how the app could be reworked to conform to good practices.
This didn't stop him though. Ultimately I found out that the problem was his religion. I kid you not. He is a Jehovah's Witness or Plymouth Brethren, one of the "justified" strands of Christianity where no matter what you do in this life you are going to heaven, and atheists like me are going to burn in hell. As a result of his faith he honestly couldn't give a flying fsck about what he did in this life, least of all at work.
My solution was to leave a copy of Bertrand Russell's "Why I Am Not A Christian" on his desk and to inform my boss that I didn't want him working on my team anymore. He still stank, but at least I no longer had to peer review every line of code he wrote.
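Added example, not part of the comment above and not the application's actual code: the pattern the post describes, where a client-supplied string becomes the WHERE clause, next to one way of reworking it so the client only picks a filter name and a value. The `customers` table, its columns and the filter map are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class WhereClauseDemo {
    // Hypothetical table and columns, constructed for this example.
    static final String BASE = "SELECT id, name FROM customers WHERE ";

    // Allowlist: filter names the client may send, mapped to real column names.
    static final Map<String, String> FILTERS = Map.of("name", "name", "city", "city");

    // Pattern from the post: the string sent back by the page is the WHERE clause.
    static String vulnerableSql(String clientWhere) {
        return BASE + clientWhere;
    }

    // Reworked: only an allowlisted column name ever reaches the SQL text.
    static String safeSql(String filter) {
        String column = filter == null ? null : FILTERS.get(filter);
        if (column == null) throw new IllegalArgumentException("unknown filter: " + filter);
        return BASE + column + " = ?";
    }

    // The value is sent as a bound parameter, so it is never parsed as SQL.
    static List<String> runSafe(Connection conn, String filter, String value) throws SQLException {
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(safeSql(filter))) {
            ps.setString(1, value);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) names.add(rs.getString("name"));
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed input: SQL text where a filter was expected.
        String hostile = "name = 'x' OR 1=1";
        System.out.println(vulnerableSql(hostile)); // condition is now caller-controlled
        System.out.println(safeSql("city"));        // fixed text with a placeholder
        try { safeSql(hostile); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

`main` needs no database; `runSafe` shows where the bound value goes once a JDBC `Connection` is available.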
Admin
first?
Admin
Most anti-right-click scripts work on Safari on Mac OS X. If you right-click with the mouse. If you ctrl+click, on the other hand... :)
Exact same effect, different button.
What makes me chuckle is the sites that warn you 'Don't steal our source code!' etc. when you try to right-click, and you just go View --> Page Source instead.
Admin
Never assume the user can't see any of your code.
Admin
With FF you don't even have to do that, you just go to Tools->Page Info and click the Media tab. Browse through the images (with preview) and click the friendly "Save As" button :)
Admin
Really, evanm, I gotta say that you piss and moan over nothing. If you have half a brain, you see the point of the code pretty quickly and just skim through or skip through the rest. And then you don't waste your time posting things like this. See how that works? And you also don't do dumb things like criticize the site owner for the way he edits HIS OWN SITE.
Admin
It's always going to be possible to copy and steal images, and everyone who works with webpages knows that, but I think they just come up with creative ways to "disable" right click or make "invisible" images to detract the 85% of n00bs who will post them on their blogs and call it their own, or worse LINK to the stupid images instead of hosting it on their own sites.
Also, if you use the scripts and invisible image layers, I think you could better claim someone stole your images because you could prove their intent to steal because they circumvented your "security." (Sorry guys, I've been watching a lot of Law and Order lately.) Case in point: the "premium sponsor" to my right using Jon Heder's face for their ad. They could have just found something on images.google.com, but if it was your site and nowhere else, you could argue that they stole your picture because they had to go around your 1337 right-click disable script. Does that make sense?
Admin
Any attempt at hiding that which has to be loaded in the client's browser in order to be used is pointless. wget can get someone any file from your server they know the path to, and for you transparent image people, doing a print screen and then cropping down to the image wanted will quickly get a non-tech-savvy person right past your clever JavaScript.
Admin
Fails on my browser, I click through the alert and the menu pops up after. Of course, that's because Firefox provides a preference (off by default) to disable scripts blocking the context menu.
Or even the built-in DOM inspector.
Addendum (2007-05-30 11:47): [image]
Proof that it's not IE only.
I, for one, call NotWTF on this error message.
Addendum (2007-05-30 11:49): GAH, WRONG THREAD.
Admin
I have seen applications that were used by the police to issue Tickets for running Red Lights that used this same methodology.
It was DOWN RIGHT SCARY!
Admin
Meh. I can go one better. I used to work with a developer that couldn't figure out why in a POST response unticked checkboxes' values weren't carried over.
So, in a fit of sheer stupidity, he decided that everything should be done on the client side using JavaScript, including opening up the database connection using ADO. That was a true WTF.