Oreilly School: Open For Attack.

I was going through a course on Oreilly School last night and I wanted to poke around. I was logged into a class where I could see all of my lessons. I decided to view the source code for the frame and was astonished at what I found. They still have ALL of the SQL queries printing out into HTML comments. This is all fine and dandy while debugging, but when a site goes into production these SHOULD NOT be there.

There are so many SQL statements I would not be surprised if I could have the entire database schema at my fingertips. I have written in to the instructor to have them notify the web team. They do not want to be left open to SQL injection attempts.
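A pre-release check for this kind of leftover debug output, added here as an example and not part of the original post: it parses rendered HTML, collects every comment, and reports the ones that look like SQL statements. The function names, the keyword heuristic and the sample page are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic (an assumption of this example): a SQL verb followed by its
# usual companion keyword. It can also flag ordinary prose, so treat hits
# as items to review, not as proof.
SQL_RE = re.compile(
    r"\b(SELECT\b.+?\bFROM|INSERT\s+INTO|UPDATE\b.+?\bSET|DELETE\s+FROM)\b",
    re.IGNORECASE | re.DOTALL,
)


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment with its starting line."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()
        self.comments.append((line, data.strip()))


def find_sql_in_comments(html):
    """Return [(line, comment_text)] for comments that resemble SQL."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return [(line, text) for line, text in parser.comments if SQL_RE.search(text)]


# Constructed sample page: one harmless comment, two leaked queries.
SAMPLE_PAGE = """<html><body>
<!-- navigation start -->
<ul><li>Lesson 1</li></ul>
<!-- SELECT id, title FROM lessons WHERE student_id = 42 -->
<p>Select a lesson from the list.</p>
<!--
  UPDATE sessions SET last_seen = NOW() WHERE sid = 'abc'
-->
</body></html>"""

if __name__ == "__main__":
    for line, text in find_sql_in_comments(SAMPLE_PAGE):
        print(f"line {line}: {text}")
```

Run against the output of each rendered page in a staging build, a non-empty result is a reason to fail the release until the debug printing is switched off.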




2 Comments

Jim Dalton

Good catch dude…we’d never do anything like that at ERE now would we? :)


Joseph Crawford

Of course not, we are the elite team ;)

*runs off to double check his code*

