Sunday, April 22, 2007

This doesn't exactly give you a warm and fuzzy...


So I was ordering a new piece of exercise gear online this morning. And, yes, I saw a pretty good TV commercial yesterday that closed the deal for me. Anyhow, after completing the obligatory, multi-page order form, I got to the Confirm your order button.

When I pressed it, I received this reassuring page (some information redacted to protect the guilty):

It appears that someone needs to read up on handling error conditions gracefully, as well as on tunable logging.

And based upon these errors, I'd wager the site is also susceptible to one or more of the standard attacks (SQL injection, XSS, etc.). Ah well, I've alerted the owner of the site to the situation. And I'll keep you -- all nine of my valued, regular readers -- posted on these momentous topics.
