Hey there, this site is pretty old now. I've decided to leave it up as I put a lot of work into it and would hate to see it disappear.

Message Board Thread

( View Message Board )   ( Statistics )    
Name
Post
Neal Grosskopf
Posts: 213
Last: 7/8/2010
Poll Hacking
2/21/2007 3:57:34 PM

Chris are you the one voting for empty radio buttons in the polling booth? The IP address and time of day would suggest it. Is it something that I am doing wrong that you are trying to point out or is it you using the Web Dev toolbar and clearing out form values? Either way let me know what's going on.

Chris Retlich
Posts: 50
Last: 3/23/2009
Re: Poll Hacking
2/21/2007 9:22:13 PM

Caught red handed, I guess. Just "subtly" pointing out that the back-end processing could handle empty and invalid values a little better. I was just curious about what would happen if I didn't select any options and then voted.

Neal Grosskopf
Posts: 213
Last: 7/8/2010
Re: Poll Hacking
2/21/2007 9:43:03 PM

I've never prided myself in programming. That's why people like yourself were born! I have the eyes and you have the brains. Together we're a darn good team.

Chris Retlich
Posts: 50
Last: 3/23/2009
Re: Poll Hacking
2/21/2007 10:14:42 PM

It's important to always think of "how can I break this?" when working on something. Difficult to remember to think about it, and you don't always find every way it can be broken, but it does lead to "sturdier" code that doesn't fall apart if used in a way you didn't think of or plan for. Like the email form on the lakeland website - I had briefly considered people using it for spamming when I was working on it a while back, but thought it wasn't too likely, and didn't think it was worth the effort to code properly. Later, I forgot to ever go back to code it the "right" way - and now I had to go and fix it since it was in fact being used to spam people, unfortunately. My coding process is basically, code 5-20 lines, test, fix anything that is completely broken, test again, then try to break it - throw every kind of value and combination of values at it. If the code is recording the number of guests, for example, I would try entering 0, -5, 4, and 5000, just to see what happens, and verify that it works as it should, and not have it allow you to sign up for -5 guests and by faulty math (number of guests * price per guest = total owed) end up paying the registrant the amount. Well, I think I'll end my long-winded reply here.... or maybe here.

Neal Grosskopf
Posts: 213
Last: 7/8/2010
Re: Poll Hacking
2/22/2007 11:35:18 PM

My fault, at least on my site, not at jobs is lazyness. I have the luxery on nealgrosskopf.com of having very few visitors and if you (chris) wern't one of them I'd almost never have to worry about security.
As far as those darn spammers, last nite I implemented some code that should do a better job at stopping them. I purposly saved several of their spam posts and noticed paterns in them, what their first and last names are, what words they typically use ect. While it won't stop everyone it will stop the three that visit my site every month.

 
Re: Poll Hacking
11/9/2024 11:59:27 PM

Type Below & Preview Your Post Here
<< Back | Top

Reply To This Post
B U I Link Font Color Edit Preview ?