  #1  
January 30th, 2015, 11:05 AM
kalidas
Poorly designed corporate sites

Take a look at this site from Dicks Sporting Goods. Their shipping docs can be accessed online.

http://www.dsgfreight.com/UserFiles/File/

While it doesn't contain extremely confidential information, it definitely looks like proprietary info that needs to be secured.

  #2  
January 30th, 2015, 11:10 AM
sarv_shaktimaan
Re: Poorly designed corporate sites

wow! looks like a case of bad production release.
  • A Production defect needs to be raised with critical priority
  • An RFC (Request for Change) will need to be logged with the Change Management team
  • VP's approval needs to be sought for a same day fix.
  • Ensure the admin team is made aware of the work coming their way during off-hours.
  • Fish-bone RCA (root cause analysis) is generally recommended when such lapses happen.
  • Audit teams will be interested in a summary of this mishap.
P.S. Good luck explaining to the VP how this was missed in QA and production release validation.

Last edited by sarv_shaktimaan; January 30th, 2015 at 11:13 AM.
  #3  
January 30th, 2015, 11:28 AM
kalidas
Re: Poorly designed corporate sites

Quote (originally posted by sarv_shaktimaan):
    wow! looks like a case of bad production release.
      • A Production defect needs to be raised with critical priority
      • An RFC (Request for Change) will need to be logged with the Change Management team
      • VP's approval needs to be sought for a same day fix.
      • Ensure the admin team is made aware of the work coming their way during off-hours.
      • Fish-bone RCA (root cause analysis) is generally recommended when such lapses happen.
      • Audit teams will be interested in a summary of this mishap.
    P.S. Good luck explaining to the VP how this was missed in QA and production release validation.

I don't think there is time for an RFC.

They need to open an incident ticket and issue the developers emerids.

There is a major loophole in their authentication / authorization framework. I'm guessing that the files reside on a separate framework and the network guy decided to open up port 80 to the world, since the referencing app was in the DMZ. This is clearly shitty architecture.

They need to move the file server behind the DMZ. Webserver and app server teams need to make config changes. The app needs to make config changes. This is a mess I tell you.

  #4  
January 30th, 2015, 12:13 PM
sarv_shaktimaan
Re: Poorly designed corporate sites

An incident ticket does make it easier to hush up matters. This way nobody'll know.. a secret pact between the admins and development team. The developer goes to the admin.. buddy, I owe you one.
  #5  
January 30th, 2015, 03:19 PM
kalidas
Re: Poorly designed corporate sites

Quote (originally posted by sarv_shaktimaan):
    An incident ticket does make it easier to hush up matters. This way nobody'll know.. a secret pact between the admins and development team. The developer goes to the admin.. buddy, I owe you one.

It's not that easy. Because you will need an outage. It will show up in a weekly mgmt outage report.

But I'm sure mgmt will also want to hush things for CYA purposes.

  #6  
February 1st, 2015, 10:06 AM
another indian
Re: Poorly designed corporate sites

Quote (originally posted by kalidas):
    I don't think there is time for an RFC.

    There is a major loophole in their authentication / authorization framework.

Now I am not a computer/software engineer to comment on this & I don't understand any details which you have written.

I feel that if you know a major loophole in some company, you can try contacting the top mgmt. of that company & informing them about the loophole. In return for this info, you can ask for some small reward.

If you want something in return, try to contact only the top mgmt, as employees may themselves take credit.
  #7  
February 1st, 2015, 12:08 PM
sgars
Re: Poorly designed corporate sites

You guys forgot to blame the business for not mentioning in the requirements that these files need to be secured from the general public.
The QA guy could say that security testing is not in his scope.
  #8  
February 1st, 2015, 12:18 PM
dirty
Re: Poorly designed corporate sites

Quote (originally posted by another indian):
    Now I am not a computer/software engineer to comment on this & I don't understand any details which you have written.

Then why are you commenting? Move on to other threads...
  #9  
February 1st, 2015, 02:28 PM
Sane Less
Re: Poorly designed corporate sites

Quote (originally posted by dirty):
    Then why are you commenting ? Move on to other threads .....

If this was the criteria to post on echarcha... then my fingers would have had cobwebs by now