[thelist] I can't believe what I just read....

Rob Keniger rob at bigbang.net.au
Wed Oct 18 21:23:07 CDT 2000

on 10/19/00 9:36 AM, Anthony Baratta at Anthony at Baratta.com wrote:

> My point with the incredulous-ness of the service is that you are embedding
> your login name AND price using hidden fields in the form!!! SSL or not,
> this is NOT secure. Not by a long shot.
> I can't believe that this is even considered a viable solution. I'm the
> last person to ask about security (OK maybe not last, but I don't play a
> security expert on TV.) and this seems so full of holes that I'm dumb
> founded - versus struck dumb like some people would prefer me. ;-)
> I'll slink away and say no more if you think I'm smoking crack.

No, I think you're being extremely sensible. I ca hardly think of a
less-secure way to do this. Prices and usernames etc in hidden form fields
are one of the classic internet security holes.

This system is wide open - I can't honestly believe they're promoting the

I'd steer well clear if I were you.


Rob Keniger

big bang solutions

<mailto:rob at bigbang.net.au>

More information about the thelist mailing list