Hacker News new | ask | show | jobs
by klyrs 2692 days ago
That brings me back to the year 2001, when my boss's browser history introduced Alexa to our admin page and they spidered a bunch of [delete] links. cough cough good thing it was only links from the main page to data, and not the actual data. I spent the next few days fixing several of problems that conspired to make that happen...
1 comments
Piskvorrr 2692 days ago
As in, anybody with a link to /delete could delete things? No identification/authentication/authorization needed?
link
klyrs 2692 days ago
> I spent the next few days fixing several of problems that conspired to make that happen...

Yes, I was a total n00b in 2001. But then, so was e-commerce.

link
klyrs 2692 days ago
and fwiw, I knew exactly how bad our security was... I kept my boss informed, but he had different priorities until Alexa "hacked" our mainpage :p
link