Quote:
Originally Posted by cdreid
I've been programming computers since i was 17. Thats 30 years. Mostly as a hobby but also professionally.
IT is NOT like locking your business door for the night and being sure that its safe. And the problem isnt even really the corporations employees. IT is usually microsoft but in some occasions it is one flaw in one routine in a process that noone thought could be hacked. As an example the most prolific programming language for serverside web apps used to be php. About 10 years ago someone discovered an idiot programmer forgot to do bounds checking and that you could just add on commands to the end of a URL and the webserver would execute them. Which meant you could do anything you can concieve of on the server... I HATE corporations and how corporate and fascist america is becoming but you really cannot blame the corporations for this they truely do their best.
|
Hey, a fellow hacker (good sense of the word)!!!
Yeah SQL injection and all the rest is how bad people get in, but why leave treasure laying around unprotected? Why not encrypt the credit card data? In fact, if mere amateurs like you or I designed security for any of these websites, we might start with a simple realization. When the user logs on, he only needs to have a single user's (his own), personal information decrypted. Under no circumstances should the web code decrypt all users' info.
The one and only exception to that (that I can think of atm) is a site's billing. A site like OOIDA has thousands of credit cards to bill every day of the month. But even there, mere amateurs like you or I would put that code on a different computer that's separate from the web code and can't be reached by someone breaking in. Sometimes I think the web is run by kids. I see too much value placed on cleverness and not enough value placed on wisdom. What can go wrong, will!!!
