12

A government website that I wanted to try and scrape data from to make a better app, I've actually found to be the pinnacle of a demonstration of what NOT to do...

Containing a JavaScript file that not only had got code copied 3 times (changed the tiniest bit on each) for what environment it's on, but has ALSO got the API keys for all 3 environments, AND the APIs they've made it call from there pass FULL SQL right in the query string...

What. The. Actual. Fuck?!
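The two failures in the post (per-environment API keys shipped in the browser bundle, and an API that executes whatever SQL arrives in the query string) have one standard fix: the client sends a query name plus typed parameters, the server owns the SQL and binds the parameters, and secrets stay server-side. The block below is an added example, not code from the post or from the site it describes; the query names, columns, the `SAMPLE_BUNDLE` text and the `execute` stand-in for a database driver are all constructed for illustration.

```javascript
// Added example (not the post's code). Server-side named queries with bound
// parameters, plus a build-time check that the shipped bundle carries no keys.
// All query names, columns, keys and sample data are constructed.

// Allowed queries, keyed by name. The SQL text lives only here, on the server;
// "?" placeholders are bound by the driver, never string-concatenated.
const NAMED_QUERIES = {
  listOpenApplications: {
    sql: 'SELECT id, submitted_at FROM applications WHERE status = ? AND region = ?',
    params: [
      { name: 'status', type: 'string', allowed: ['open', 'closed'] },
      { name: 'region', type: 'string', pattern: /^[A-Z]{2}$/ },
    ],
  },
  getApplication: {
    sql: 'SELECT id, status, submitted_at FROM applications WHERE id = ?',
    params: [{ name: 'id', type: 'integer', min: 1 }],
  },
};

// Turn an untrusted request {name, params} into {sql, params} or throw.
// Only a known name with well-typed parameters passes, so raw SQL text sent by
// a client is never executed, whatever it says.
function resolveQuery(request) {
  if (typeof request !== 'object' || request === null) throw new Error('invalid request');
  const known = Object.prototype.hasOwnProperty.call(NAMED_QUERIES, request.name);
  if (!known) throw new Error(`unknown query: ${String(request.name)}`);
  const spec = NAMED_QUERIES[request.name];
  const supplied = request.params || {};
  const bound = spec.params.map((p) => {
    const v = supplied[p.name];
    if (v === undefined) throw new Error(`missing parameter: ${p.name}`);
    if (p.type === 'integer') {
      if (!Number.isInteger(v) || (p.min !== undefined && v < p.min)) {
        throw new Error(`bad integer: ${p.name}`);
      }
      return v;
    }
    if (typeof v !== 'string') throw new Error(`bad string: ${p.name}`);
    if (p.allowed && !p.allowed.includes(v)) throw new Error(`value not allowed: ${p.name}`);
    if (p.pattern && !p.pattern.test(v)) throw new Error(`bad format: ${p.name}`);
    return v;
  });
  return { sql: spec.sql, params: bound };
}

// Stand-in for a real driver call such as db.query(sql, params): it records
// what would be sent, so the separation of SQL text and data stays visible.
function execute(db, request) {
  const { sql, params } = resolveQuery(request);
  db.calls.push({ sql, params });
  return sql;
}

// Build-time check for the other half of the post: flag assignments whose
// value looks like a credential, so CI fails before the bundle ships.
// Heuristic only; it catches the obvious "apiKey = '...'" shape, not every secret.
const SECRET_ASSIGNMENT = /\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["'`]([^"'`]{12,})["'`]/gi;
function findHardcodedSecrets(bundleText) {
  const hits = [];
  for (const m of bundleText.matchAll(SECRET_ASSIGNMENT)) {
    hits.push({ name: m[1], preview: m[2].slice(0, 4) + '...' });
  }
  return hits;
}

// Constructed sample bundle in the shape the post describes: one config block
// per environment, each carrying its own key, and SQL built on the client.
const SAMPLE_BUNDLE = `
const dev  = { apiKey: "dev-key-0123456789abcdef",  url: "https://dev.example.invalid" };
const test = { apiKey: "test-key-0123456789abcdef", url: "https://test.example.invalid" };
const prod = { apiKey: "prod-key-0123456789abcdef", url: "https://api.example.invalid" };
fetch(prod.url + "/query?sql=" + encodeURIComponent("SELECT * FROM applications"));
`;

// Stand-alone demonstration.
const demoDb = { calls: [] };
execute(demoDb, { name: 'listOpenApplications', params: { status: 'open', region: 'NW' } });
console.log(demoDb.calls[0]);                 // SQL text and bound params, kept apart
console.log(findHardcodedSecrets(SAMPLE_BUNDLE)); // three apiKey hits from the sample
```

With this shape the browser bundle needs no API key at all: the server selects its own environment configuration from its deployment, and the only thing a client can vary is which named query runs and with what validated values.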

Comments
  • 2
    That's really sad especially if it could be a source of a serious data breach.

    Do you think it's safe to point this out?
  • 2
    Guess it's time to see if the sql user has dbOwner :-p
  • 1
    The devs were either dumb af, or pissed off at the gov refusing to let them use any tech or architecture that's "new" (-er than 15 years)
  • 1
    @skylord IE6 was a requirement probably.

    I even saw a project with "IE6" requirements around 5 years ago! And I BET my life there is STILL IE6 running in some administrations with some custom half-baked ActiveX which is almost impossible to get rid of
  • 0
    Fortunately, there is no trace of personally identifiable data (at least not since I've given myself some time to really explore this security hole), but while the UX is pretty poor, it is probably used a fair bit and open to having its database wiped...