[LINK] The ACS, TIPI and ICT in Australia
Jan Whitaker
jwhit at melbpc.org.au
Sat Aug 19 18:37:35 AEST 2006
At 06:04 PM 19/08/2006, Rick Welykochy wrote:
>The letter O was entered instead of the number zero for the variable notID.
>'673O' should be '6730'.
Tried the changed version.
Result: You are trying to access a restricted area of our website. If you
think you should have access to this page, please email
webmaster at acs.org.au to gain access
>The software is not resilient. Makes one wonder if any other more serious
>things could be fired at this ColdFusion code to break it.
>
>What is far worse is that the error information (supposedly private and
>privileged data) was dumped to the public.
I assume you meant what I saw as the dumper, not me being the dumper. ;-)
>A "500 Internal Server Error" would have sufficed in this case, with the
>actual dump of information being sent privately to the webmaster.
..by the website when the error resulted. Good suggestion, Rick.
Jan
Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/
'Seed planting is often the most important step. Without the seed, there is
no plant.' - JW, April 2005
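
The handling suggested in the quoted text above (a bare 500 for the visitor, the dump delivered privately to the webmaster), as an added example that is not part of the original post or of the ACS site's code. It is written in Python rather than ColdFusion; the handler name, the sample notice, the reference token and the in-memory report list are assumptions made for illustration.

```python
import secrets
import traceback

# Assumption: stand-in for mail to the webmaster or a restricted log file.
PRIVATE_REPORTS = []

def report_privately(ref, params, exc):
    """Keep the full dump out of the response; store it for the webmaster."""
    PRIVATE_REPORTS.append({
        "ref": ref,
        "params": dict(params),
        "trace": "".join(
            traceback.format_exception(type(exc), exc, exc.__traceback__)
        ),
    })

def guarded(handler):
    """Wrap a page handler so any failure becomes a bare 500 for the visitor."""
    def wrapper(params):
        try:
            return handler(params)
        except Exception as exc:
            # Random token (an assumption) so the visitor can quote the
            # incident without seeing any detail of it.
            ref = secrets.token_hex(4)
            report_privately(ref, params, exc)
            return 500, f"500 Internal Server Error (reference {ref})"
    return wrapper

# Constructed sample data, keyed by the numeric notice id.
NOTICES = {6730: "Constructed sample notice"}

@guarded
def show_notice(params):
    # int() rejects '673O' (letter O) with ValueError, much as a numeric
    # cast in the page's own code would fail on the mistyped value.
    notice_id = int(params["notID"])
    return 200, NOTICES[notice_id]

if __name__ == "__main__":
    print(show_notice({"notID": "6730"}))   # normal page
    print(show_notice({"notID": "673O"}))   # generic 500, nothing leaked
    print(PRIVATE_REPORTS[0]["trace"])      # what only the webmaster sees
```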