• 0

This is why some people should NEVER be allowed near technology


Question

I cry a little inside whenever I see this kind of poor setup; indeed, somebody had to go out of their way to be incompetent.

 

BlK2_UlIYAAiuYu.png:large


  • 0

That's quite funny, considering it's showing code from the section which does payments. Bit funny how they've not coded in the exception of it not talking to whatever server it's trying to talk to though. That's ridiculous.


  • 0

Well the public source code disclosure makes it bad ;-)

Not really, there's nothing special about the code.

Sure, if it was leaking the private key or something then it'd be bad.


  • 0

Yea, in *this* code, but the error could have happened at other places where more sensitive code would be disclosed. Which is why you should never disclose error messages (with code in particular) on production sites.


  • 0

Not really, there's nothing special about the code.

Sure, if it was leaking the private key or something then it'd be bad.

 

Well, you should NEVER expose these kinds of error messages to the outside world; just because this time it didn't reveal usernames or passwords, who is to say the next error won't? Indeed, you have to set it to do this, so how could anybody trust their credit card details and house information to any company this incompetent?

 

You will notice the folder Test1 - now if that doesn't fill you with dread I don't know what would :)


  • 0

Haha yeah you should probably be quite sharp on handling payment errors...but "gone out of their way to be incompetent" seems a little overkill. If anyone can honestly tell me they have never failed to catch an exception...then they have not programmed enough =P

 

Oh...and I guess the "Test1" should probably be migrated to a "production" path for a payment system =P


  • 0

Dot Net 2 ...  :laugh:

Yep, so let's see what vulnerabilities are available for that version :devil:


  • 0

Haha yeah you should probably be quite sharp on handling payment errors...but "gone out of their way to be incompetent" seems a little overkill. If anyone can honestly tell me they have never failed to catch an exception...then they have not programmed enough =P

 

Oh...and I guess the "Test1" should probably be migrated to a "production" path for a payment system =P

 

The reason I say incompetent is that I am sure you have to turn on remote errors (although not 100% sure, so correct me if I'm wrong) for ASP.NET.


  • 0

I read somewhere that if you have to close source a website for security reasons then you've programmed it incorrectly.

 

So far I've not thought of a case where that's untrue. I've never made web code that if seen would cause a security breach as I don't put sensitive data into my source code; my source code (I believe) shows no vulnerabilities when viewed. It'd be wrong to assume it's due to the nature of what I do. The data that is sensitive from my website is very sensitive, and if breached would be very bad news for a great deal of people.

 

Having said that, this is an uncaught exception and does show some inability; I wouldn't be surprised if their code contained sensitive data.


  • 0

Well, he missed an exception. I think the best you can do is send him an email to correct it :)

 

10 days for an email reply. Twitter no reply and Facebook they are suggesting they could not find a problem!!!


  • 0

10 days for an email reply. Twitter no reply and Facebook they are suggesting they could not find a problem!!!

Well, you did the best you could :) Personally, if they could not find a problem, then I agree; you shouldn't lend your money to that site.

  • 0

Ok just an update for those interested. Several emails and a formal complaint later this was their latest email to me.

 

 

"Further to my earlier emails, I have discussed this issue with some colleagues. I am aware that you have previously raised this problem via social media, but we were unable to locate your account with the information provided at that time.

 

I have been advised that this issue has been looked into by our software providers and they have advised that despite thorough investigation, they have been unable to replicate the error you have noted. They have stated that if you are able to provide some more detail as to the steps you took to be presented with this screen, they will be able to offer further advice."

 

I really cannot understand how these people can stick their head in the sand so badly.


  • 0

The reason I say incompetent is that I am sure you have to turn on remote errors (although not 100% sure, so correct me if I'm wrong) for ASP.NET.

You do. The default behavior in IIS is to return a generic error page. To see that kind of detail you have to change settings or view the site (and error) from the server itself.

 

-Forjo
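
The setting discussed in the post above, as an added example that is not part of the thread: a small Python check that reads an ASP.NET web.config and flags the settings that let remote visitors see detailed errors. Both sample configs and the function name `audit_web_config` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: detailed errors are sent to every visitor.
EXPOSED = """<configuration>
  <system.web>
    <customErrors mode="Off" />
    <compilation debug="true" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
  </system.webServer>
</configuration>"""

# Constructed sample: remote visitors get a generic page, detail stays local.
HARDENED = """<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />
    <compilation debug="false" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="DetailedLocalOnly" />
  </system.webServer>
</configuration>"""

def audit_web_config(xml_text):
    """Return findings for settings that expose error detail to remote users."""
    root = ET.fromstring(xml_text)
    findings = []
    ce = root.find("system.web/customErrors")
    # An absent element means the ASP.NET default (RemoteOnly), which is safe.
    if ce is not None and ce.get("mode", "RemoteOnly").lower() == "off":
        findings.append("customErrors mode=Off: detailed ASP.NET error pages served to remote users")
    comp = root.find("system.web/compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.append("compilation debug=true: debug build running in production")
    he = root.find("system.webServer/httpErrors")
    # The IIS default for errorMode is DetailedLocalOnly.
    if he is not None and he.get("errorMode", "DetailedLocalOnly").lower() == "detailed":
        findings.append("httpErrors errorMode=Detailed: IIS detailed errors served to remote users")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_web_config(cfg) or "no findings")
```

The check reads one file only; settings inherited from machine.config or overridden inside `<location>` elements are not evaluated.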


This topic is now closed to further replies.