by girish_h
4559 days ago
It's easier to criticize a group without understanding the background of what they have achieved. The Indian Railways runs one of the largest ecommerce sites in India - a site that has seen consistent YoY growth over the last few years since it was launched. Last year, they are believed to have earned a revenue of nearly 100M USD. The guys who built their reservation system have very good engineering chops - in fact these systems hit peak load of about a million queries (every day) during 10 AM - 12 noon (IST) when users and reservation agents try to access the site irctc.co.in from browsers / mobile / reservation counters etc. The "captcha" was not even in this page a month back. The "PNR Enquiry" for which this page is intended is a feature that can be accessed through SMS & also from the irctc website. This is possibly the least visited page in indianrail.gov.in. I have been an active user of both irctc.co.in & indianrail.gov.in over the last 7-8 years and have seen how these sites have grown.
That being said, your defense of the site makes it sound even worse. Not only is the captcha horrible, but it took them almost all the way until 2014 to even implement one.
It is quite possible to have exceptionally good engineering chops and still be completely clueless when it comes to security.
I hope that the rest of the code powering this $100 million annual eCommerce traffic isn't as fundamentally flawed from a security aspect.