71
C0D4
8y

This one tops the pile for best ... err worst security feature.

<script type = "text/JavaScript">
If( userType != "admin" )
window.location.href = "http://www.example.com";
</script>

What could possibly go wrong?

Comments
  • 2
    Modern applications use both: server side for security, client side for user experience and minifying band with.
  • 0
    @LicensedCrime
    Since it was the only security check to prevent users accessing certain files.

    The userType variable came from a pre defined global being populated by "user" or "admin" via session data.

    Needless to say that didn't stay in play for long after finding it in the project.
Add Comment