So... you'll need the app to do that

devRant on iOS & Android lets you do all the things like ++ or -- rants, post your own rants and comment on others' rants. You can also set up your profile. Get it now!

Free Swag!

Get a free stress ball if a rant you post gets 750 ++'s

*Some restrictions apply, click "Learn More"

Settings

Enable Dark Theme
Logout
Delete Account

More

Post a Rant
Settings
Log Out
Log In

Verify Your Email

In order to vote, comment or post rants, you need to confirm your email address. You should have received a welcome email with a confirm link when you signed up. If you can't find the email, click the button below.

New Post

Reason for Downvote?

Not for me
Repost
Offensive/Spam
Cancel

Your rant must be between 6 and 5,000 characters

5000

Attach img/gif

Edit Rant

Your rant must be between 6 and 5,000 characters

5000

Attach img/gif

Comment

Your comment must be between 6 and 500 characters

1000

Attach img/gif

Edit Comment

Your comment must be between 6 and 500 characters

1000

Join devRant

Vote and comment on others' rants. Post your own. Build your custom avatar.

!

Must be a valid email address

!

Username already taken

!

Must be over 6 characters

Keep me logged in

By clicking "Sign Up", you agree to the Terms of Service & Privacy Policy. FYI we never show your email to other members.

Already on devRant?

Login

Profile Details

Tell us a little about yourself

Login

You know the deal

!

Email address already registered

!

Email and password do not match

Keep me logged in

Forgot Password? | Signup

Forgot?

It happens to the best of us. If you still need help, email info@devrant.io

!

No account with that email address

Rant Feed
Top Rants
Stories
Collabs
Search

11

Worst security bug/feature you've seen?

Week 25 Group Rant

linuxxx

7y

They used strcmp (PHP) on the main server as only form of authentication...

undefined

wk25

Favorite

Ranter

Join devRant

Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar

Sign Up

Pipeless API

From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API

Comments

1

typodeaf

1259

7y

Oh that's horrible :( Did they at least made sure the input was a string before comparing? I can imagine people POSTing other data types and getting in due to the nature of strcmp

Related Rants

hexacore

3

Picked up a legacy site to re-build, turns out just adding: '?admin=1' to the query string gave you full ad...
blauesocke

6

One of our customer thought it would be too unsecure to send us his AWS credentials by email. So he printed it...
Tale-Of-X9

7

Don't know if this has been post yet before but ohhh well

Company
About
News
Swag Store
Free Swag
devDucks
Contact

Community
Rules
Projects
Bug Repo
Cartoons
Podcasts
Facebook
Twitter

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service