[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Red Hat website error

From: Jason Dixon <jason dixongroup net>
To: Red Hat Mailing List <redhat-list redhat com>
Subject: Re: Red Hat website error
Date: Wed Oct 1 17:53:03 2003

On Wed, 2003-10-01 at 17:45, Bret Hughes wrote:
> On Wed, 2003-10-01 at 16:25, Chris Purcell wrote:
> > http://info.redhat.com/a/tA-eyxnAJPSNNAOMy0zADrb0g7z/rhat46
> > 
> > When you click the link above, the URL will be redirected to a redhat url
> > with value of price=xxxx.  Just change the price, and you've changed the
> > cost of your Redhat Training.  See, RHCE IS affordable!
> > 
> > Nice programming Red Hat.
> > 
> 
> That is kind of funny seems like using post would have been a bit
> better.

No HTTP method would fix bad programming like that.  There is NO reason
their site should accept those parameters.  This is the first lesson of
web programming... NEVER pass unchecked values into a form.  They should
have simply pulled the form values out of their database based on the
"special code".  Ugh.

This ranks right up there with the inability to delete old users from a
RHN account.  It also reveals a lot about the quality of their (site)
software development staff.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

References:
- Red Hat website error
  - From: Chris Purcell
- Re: Red Hat website error
  - From: Bret Hughes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]