Message Board Thread
Name |
Post
|
---|---|
Posts: 213
Last: 7/8/2010
|
Poll Hacking
2/21/2007 3:57:34 PM
Chris are you the one voting for empty radio buttons in the polling booth? The IP address and time of day would suggest it. Is it something that I am doing wrong that you are trying to point out or is it you using the Web Dev toolbar and clearing out form values? Either way let me know what's going on. |
Posts: 50
Last: 3/23/2009
|
Re: Poll Hacking
2/21/2007 9:22:13 PM
Caught red handed, I guess. Just "subtly" pointing out that the back-end processing could handle empty and invalid values a little better. I was just curious about what would happen if I didn't select any options and then voted. |
Posts: 213
Last: 7/8/2010
|
Re: Poll Hacking
2/21/2007 9:43:03 PM
I've never prided myself in programming. That's why people like yourself were born! I have the eyes and you have the brains. Together we're a darn good team. |
Posts: 50
Last: 3/23/2009
|
Re: Poll Hacking
2/21/2007 10:14:42 PM
It's important to always think of "how can I break this?" when working on something. Difficult to remember to think about it, and you don't always find every way it can be broken, but it does lead to "sturdier" code that doesn't fall apart if used in a way you didn't think of or plan for. Like the email form on the lakeland website - I had briefly considered people using it for spamming when I was working on it a while back, but thought it wasn't too likely, and didn't think it was worth the effort to code properly. Later, I forgot to ever go back to code it the "right" way - and now I had to go and fix it since it was in fact being used to spam people, unfortunately. My coding process is basically, code 5-20 lines, test, fix anything that is completely broken, test again, then try to break it - throw every kind of value and combination of values at it. If the code is recording the number of guests, for example, I would try entering 0, -5, 4, and 5000, just to see what happens, and verify that it works as it should, and not have it allow you to sign up for -5 guests and by faulty math (number of guests * price per guest = total owed) end up paying the registrant the amount. Well, I think I'll end my long-winded reply here.... or maybe here. |
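The two cases discussed in this thread (a poll vote submitted with no radio button selected, and a guest count of 0, -5, 4 or 5000) as an added example of server-side checks; it is not part of the original posts or the site's code, and the field name `choice`, the 1 to 20 guest limit and the 12.50 price are assumptions made for illustration.

```python
from decimal import Decimal

class InvalidInput(ValueError):
    """Raised when a submitted form value fails server-side validation."""

def validate_poll_choice(form, allowed_options):
    # A cleared or tampered radio button arrives as a missing key, an empty
    # string, or a value that was never offered. Reject all three.
    choice = (form.get("choice") or "").strip()  # "choice" is an assumed field name
    if choice not in allowed_options:
        raise InvalidInput("vote rejected: empty or unknown option")
    return choice

def validate_guest_count(raw, min_guests=1, max_guests=20):
    # The limits are assumed values; set them to what the event allows.
    text = str(raw).strip()
    # ASCII digits only and a short length: rejects "", "-5", "4.5", "1e3"
    # and oversized strings before any conversion happens.
    if not (text.isascii() and text.isdigit() and len(text) <= 4):
        raise InvalidInput("guest count must be a whole number")
    count = int(text)
    if not min_guests <= count <= max_guests:
        raise InvalidInput(f"guest count must be {min_guests} to {max_guests}")
    return count

def total_owed(raw_guests, price_per_guest):
    # Validate first, multiply second, so the total can never go negative.
    return validate_guest_count(raw_guests) * Decimal(price_per_guest)

def try_to_break_it():
    # The same values the post suggests throwing at the form.
    results = {}
    for raw in ["0", "-5", "4", "5000"]:
        try:
            results[raw] = total_owed(raw, "12.50")
        except InvalidInput as exc:
            results[raw] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for value, outcome in try_to_break_it().items():
        print(value, "->", outcome)
```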
Posts: 213
Last: 7/8/2010
|
Re: Poll Hacking
2/22/2007 11:35:18 PM
My fault, at least on my site, not at jobs is laziness. I have the luxury on nealgrosskopf.com of having very few visitors and if you (Chris) weren't one of them I'd almost never have to worry about security. |