A little knowledge is a dangerous thing

Examples of foolishness on display

         

vincevincevince

3:50 am on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Any examples to add to my list?

I encountered a site with a CAPTCHA on the contact form.

<img src="/captcha.php?code=s34j4" />

I frequently see domain privacy in the WHOIS but full address details listed on the website.

A website with correctly implemented CAPTCHA on the contact form, but the email address listed in plain HTML just above.

King_Fisher

4:13 am on Sep 25, 2007 (gmt 0)

10+ Year Member



As Forrest Gump says, "stupid is as stupid does"...KF

jecasc

1:20 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Captchas are sooo yesterday anyway. I go with random names for input tags.

<input type="text" name="bd3wr5h5h33nmhg2uzkpklö2421238fgug">

Works like a charm. No captchas needed anymore and my contact forms and my forums are free from automated spam.

At least until someone begins to identify the input fields by order of appearance...

Dabrowski

1:36 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> At least until someone begins to identify the input fields by order of appearance

If you used a server script to generate the form, then capture it, you could randomise the names on every page impression. Just a thought if it becomes a problem.

jecasc

1:57 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> If you used a server script to generate the form, then capture it, you could randomise the names on every page impression. Just a thought if it becomes a problem.

That's what I'm doing. :)

If it becomes a problem I'll randomize the order of appearance, too.

I just remembered the most stupid thing I ever did on my website. I decided it would be a clever idea to send myself an automated email every time a PHP error occurred. I implemented the solution and a few minutes later I already had about 5000 emails in my inbox...

Gibble

2:08 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, if you want more examples of dumb...

The structure of a stored proc I saw yesterday...

BEGIN TRANSACTION
SELECT id FROM table WHERE it exists
IF NOT record found THEN
do something
COMMIT TRANSACTION
ELSE
ROLLBACK TRANSACTION

...uh...wth. If there is a record found we rollback...rollback what? All we've done is a select. There's no rollback anywhere else in the code...so what was the point of having a transaction?

Dabrowski

2:14 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Oh I see, you mean someone ignoring the names and physically coding the field order.

Definitely a problem, but could be confusing to people if the order keeps shuffling.

Why not add a pre-filled hidden field, and randomise its position?
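
The per-impression random field names and the pre-filled hidden field discussed in the posts above, sketched as an added example (not code from any poster in this thread). Python, the secret key, the field list and the hidden field name `t` are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a per-site secret kept server-side
LOGICAL_FIELDS = ("name", "email", "message")  # hypothetical contact-form fields
MAX_AGE = 3600  # seconds a rendered form stays valid


def _mac(label: str) -> str:
    return hmac.new(SECRET_KEY, label.encode(), hashlib.sha256).hexdigest()


def field_name(nonce: str, logical: str) -> str:
    """Random-looking name attribute for one logical field of one render."""
    return "f" + _mac(f"name:{nonce}:{logical}")[:24]


def render_form(now=None):
    """Return (html, token) with fresh field names for this page impression."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    token = f"{nonce}.{issued}.{_mac(f'token:{nonce}:{issued}')}"
    rows = [f'<input type="text" name="{field_name(nonce, f)}">' for f in LOGICAL_FIELDS]
    # Pre-filled hidden field carrying the signed token, at a random position.
    hidden = f'<input type="hidden" name="t" value="{token}">'
    rows.insert(secrets.randbelow(len(rows) + 1), hidden)
    return '<form method="post">\n' + "\n".join(rows) + "\n</form>", token


def parse_submission(post, now=None):
    """Map a POST dict back to logical fields; None means drop the submission."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_s, sig = str(post.get("t", "")).split(".")
        issued = int(issued_s)
    except ValueError:
        return None
    good = _mac(f"token:{nonce}:{issued}")
    if not hmac.compare_digest(sig.encode(), good.encode()):
        return None  # token missing, forged or altered
    if not 0 <= now - issued <= MAX_AGE:
        return None  # form rendered too long ago
    expected = {field_name(nonce, f): f for f in LOGICAL_FIELDS}
    if set(post) - {"t"} != set(expected):
        return None  # names hard-coded from an earlier render, or extras
    return {expected[k]: v for k, v in post.items() if k != "t"}
```

Because the names are derived from the signed nonce, the server needs no per-visitor storage to map them back. The token is not single-use here, so this filters only submissions built from an earlier render's field names.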

Dabrowski

2:19 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Gibble,

I've seen that sort of thing before, and in fact written that sort of thing before. It looks like page refresh protection, to stop it duplicating something if the user hits refresh.

Obviously I don't know what context that's in, but it could be something like that.

Gibble

2:26 pm on Sep 25, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Nah, this person's code is always this bad...