Worst security hole you've seen?


Question

What is the worst security hole you've ever seen? It is probably a good idea to keep details limited to protect the guilty.

For what it's worth, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.

Recommended answer

How about an online document manager, which allowed you to set every security permission you could remember...

That is until you got to the download page... download.aspx?documentId=12345

Yes, the documentId was the database ID (auto-increment) and you could loop every single number and anyone could get all the company documents.

When alerted to this problem, the project manager's response was: Ok, thanks. But nobody has noticed this before, so let's keep it as it is.
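The flaw described in the answer, modelled as an added example that is not part of the original answer or the product's code: a download path that trusts the ID alone, beside one that enforces the document's permissions on every request. The store, user names, and function names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised for both missing and forbidden documents (no existence oracle)."""


@dataclass
class Document:
    content: bytes
    readers: set = field(default_factory=set)  # user names allowed to download


# Constructed sample store keyed by auto-increment database ID.
STORE = {
    12345: Document(b"Q3 payroll", readers={"alice"}),
    12346: Document(b"Board minutes", readers={"bob"}),
    12347: Document(b"Lunch menu", readers={"alice", "bob"}),
}


def download_unchecked(document_id):
    """Behaviour described in the answer: the ID alone selects the file."""
    doc = STORE.get(document_id)
    if doc is None:
        raise NotFound(document_id)
    return doc.content


def download_checked(user, document_id):
    """Corrected form: permissions are enforced on the download path itself."""
    doc = STORE.get(document_id)
    if doc is None or user not in doc.readers:
        raise NotFound(document_id)  # same error either way
    return doc.content


def readable_ids(fetch, id_range):
    """Regression check: which IDs in a range does this handler serve?"""
    served = []
    for doc_id in id_range:
        try:
            fetch(doc_id)
            served.append(doc_id)
        except NotFound:
            pass
    return served
```

Run as a regression test, `readable_ids` makes the difference measurable: the unchecked handler serves every ID in the range, while the checked one serves only what the named user may read.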
