[thelist] I can't believe what I just read....
Rob Keniger
rob at bigbang.net.au
Wed Oct 18 21:23:07 CDT 2000
on 10/19/00 9:36 AM, Anthony Baratta at Anthony at Baratta.com wrote:
> My point with the incredulous-ness of the service is that you are embedding
> your login name AND price using hidden fields in the form!!! SSL or not,
> this is NOT secure. Not by a long shot.
>
> I can't believe that this is even considered a viable solution. I'm the
> last person to ask about security (OK maybe not last, but I don't play a
> security expert on TV.) and this seems so full of holes that I'm dumb
> founded - versus struck dumb like some people would prefer me. ;-)
>
> I'll slink away and say no more if you think I'm smoking crack.
No, I think you're being extremely sensible. I can hardly think of a
less-secure way to do this. Prices and usernames etc in hidden form fields
are one of the classic internet security holes.
This system is wide open - I can't honestly believe they're promoting the
service.
I'd steer well clear if I were you.
--
Rob Keniger
big bang solutions
<mailto:rob at bigbang.net.au>
<http://www.bigbang.net.au>
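
An added example, not part of the original post and not the code of the service under discussion: it shows why a handler that believes a hidden `price` or `user` field cannot be trusted, next to one that only accepts the values when a server-side HMAC over them still matches. The field names, the key, the catalogue and every function name are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key known to the merchant and the receiving service only,
# never sent to the browser.
SECRET = b"constructed-demo-key"
CATALOGUE = {"sku-42": 1999}  # constructed price list, in cents
PROTECTED = ("user", "sku", "price")


def sign(fields):
    # JSON with sorted keys gives one unambiguous byte string per field set.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(user, sku):
    # Merchant side: the price is read from the catalogue, then the set is signed.
    fields = {"user": user, "sku": sku, "price": str(CATALOGUE[sku])}
    return {**fields, "sig": sign(fields)}


def charge_naive(form):
    # The design the thread objects to: whatever the browser sent is believed.
    return form["user"], int(form["price"])


def charge_verified(form):
    # Receiving side: recompute the MAC over the submitted values and compare
    # in constant time. Any edited or missing field makes the check fail.
    if any(name not in form for name in PROTECTED):
        raise ValueError("missing field")
    fields = {name: form[name] for name in PROTECTED}
    sent = str(form.get("sig", "")).encode()
    if not hmac.compare_digest(sign(fields).encode(), sent):
        raise ValueError("hidden fields do not match their signature")
    return fields["user"], int(fields["price"])


if __name__ == "__main__":
    form = render_hidden_fields("alice", "sku-42")
    edited = dict(form, price="1")  # constructed: a value changed client-side
    print("naive handler accepts:", charge_naive(edited))
    try:
        charge_verified(edited)
    except ValueError as err:
        print("verified handler rejects:", err)
```

The MAC only binds the values together; it does not stop a correctly signed form from being submitted again later, so an order id or expiry time would also need to be inside the signed set.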