#1
Poorly designed corporate sites
Take a look at this site from Dicks Sporting Goods. Their shipping docs can be accessed online.
http://www.dsgfreight.com/UserFiles/File/ While it doesn't contain extremely confidential information, it definitely looks like proprietary info that needs to be secured.
#2
Re: Poorly designed corporate sites
wow! looks like a case of bad production release.
Last edited by sarv_shaktimaan; January 30th, 2015 at 11:13 AM.
#3
Re: Poorly designed corporate sites
Quote:
They need to open an incident ticket and issue the developers emerids. There is a major loophole in their authentication / authorization framework. I'm guessing that the files reside on a separate framework and the network guy decided to open up port 80 to the world, since the referencing app was in the dmz. This is clearly shitty architecture. They need to move the file server behind the DMZ. Webserver and app server teams need to make config changes. The app needs to make config changes. This is a mess I tell you.
#4
Re: Poorly designed corporate sites
An incident ticket does make it easier to hush up matters.
#5
Re: Poorly designed corporate sites
Quote:
But I'm sure mgmt will also want to hush things for cya purposes.
#6
Re: Poorly designed corporate sites
Quote:
I feel that if you know a major loophole in some company, you can try contacting the top mgmt. of that company & informing them about the loophole. In return for this info, you can ask for some small reward. If you want something in return, try to contact only the top mgmt, as employees may themselves take credit.
#7
Re: Poorly designed corporate sites
You guys forgot to blame the business for not mentioning in the requirements that these files need to be secured from general public.
The QA guy could say that security testing is not on his scope.
#8
Re: Poorly designed corporate sites
Quote:
#9
Re: Poorly designed corporate sites
If this was the criteria to post on echarcha... then my fingers would have had cobwebs by now