Ovid (publius_ovidius) wrote,

Bad Web site security

My agent sent me an email asking for more information, so it looks like I still have a potential book deal. My coauthor appears to not have the time to commit to the project, though, so I don't know if I should see what's happening with him or just go it alone.

After I sent the information, they provided me with a link to where it was on their Web site. As this is an agency for authors who write highly technical computer programming books, one might think that they would be aware of technology issues. Nope. As it turns out, one of the forms on their site has a security problem that allows something called an "SQL injection attack". If you know SQL and a little bit about how the Web works, it's trivial to destroy their database or break into their Web site. I sent them an email describing the vulnerability, but I didn't do anything naughty other than uncover the security hole.

And people ask me why I don't shop online ...
