
Heh. Code Review?

by Bryan Strawser · Dec 5, 2002

Tower Records Security hole – c|net – This one is a really bad security flaw and the write-up tells you how it happened. This is a REALLY good example of having a code review AND a set of best practices that you adhere to ABSOLUTELY…. Lots of caps there, but I think you will agree.


The article…


The problem… They had their order information form set to method="get" and that puts the arguments into the URL. When the user saw that, they could enter different order numbers and voilà! They are in another customer’s order profile.

[Matt Brown’s Radio Weblog]
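The order lookup described above, as an added example that is not code from the original post or from the site it discusses: an unchecked handler that serves whatever order number appears in the URL, beside one that ties the order to the logged-in customer. The URL shape, the `order` parameter name, the function names and the sample orders are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: order number -> owning customer and contents.
ORDERS = {
    "1001": {"customer": "alice", "items": ["CD, qty 1"]},
    "1002": {"customer": "bob", "items": ["DVD, qty 2"]},
}


def order_number_from_url(url):
    """Pull the order number out of a GET-style URL (?order=NNNN)."""
    values = parse_qs(urlsplit(url).query).get("order", [])
    # Reject missing or repeated parameters instead of guessing which to use.
    return values[0] if len(values) == 1 else None


def view_order_unchecked(url):
    """Behaviour described in the post: any order number in the URL is served."""
    order = ORDERS.get(order_number_from_url(url))
    return (200, order) if order else (404, None)


def view_order_checked(url, session_customer):
    """Serve the order only if it belongs to the logged-in customer.

    "No such order" and "not your order" return the same 404, so the
    response does not confirm which order numbers exist.
    """
    order = ORDERS.get(order_number_from_url(url))
    if order is None or session_customer is None:
        return (404, None)
    if order["customer"] != session_customer:
        return (404, None)
    return (200, order)


if __name__ == "__main__":
    url = "/order-status?order=1002"  # constructed URL; alice edits the number
    print("unchecked:", view_order_unchecked(url))
    print("checked, alice:", view_order_checked(url, "alice"))
    print("checked, bob:", view_order_checked(url, "bob"))
```

The ownership check runs on the server against the session, so it holds whether the order number arrives in a GET query string or a POST body.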
