Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@runardev can you agree with the managment to have a live demonstration on the prod system where you manipulate the data of the person who written it?
My plan for an perfect event would be this:
1. He verifies that the system is untampered.
2. You log in as the unprotected admin and talk what you just make, like in a youtube lets play of an game.
3. Ask one of the managment to log in via the unprotected admin to change things he wants to do.
I recommend that if its possible to use from the internet to use an pc that only has access to the internet.
And make a backup before this. -
@runardev and after that help him after that to repair/secure the system. The best way is to help him to fix ghe mistakes so he ca learn or the managment will think that you are mobbing him.
Great news, our company's has a brand new security-first product, with an easy to use API and a beautiful web interface.
It is SQL-injection-enabled, XSS-compatible, logins are optional (if you do not provide a password, you are logged in as admin).
The json-api has custom-date formats, bools are any of "1", "0", 1, 0, false or null (but never true). Numbers are strings or numbers. Utf-8 is not supported. Most of our customers use special characters.
The web interface is using plain bootstrap, and because of XSS it is really easy to customize everything.
How the hell this product got launched is beyond me.
rant