Worst security hole you've seen?
Question
What is the worst security hole you've ever seen? It is probably a good idea to keep details limited to protect the guilty.
For what it's worth, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.
Recommended answer
How about an online document manager, which allowed you to set every security permission you could remember...
That is until you got to the download page... download.aspx?documentId=12345
Yes, the documentId was the database ID (auto-increment) and you could loop every single number and anyone could get all the company documents.
When alerted to this problem, the project manager's response was: Ok, thanks. But nobody has noticed this before, so let's keep it as it is.
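The flaw described in this answer is a missing server-side authorization check on the download path. The following is an added example, not part of the original answer and not the application's code; it is written in Python rather than ASP.NET, and every name and record in it is hypothetical and constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
import secrets

# Constructed sample store: auto-increment ID -> document record with an ACL.
DOCUMENTS = {
    12345: {"name": "payroll.xlsx", "body": b"salaries", "readers": {"alice"}},
    12346: {"name": "lunch-menu.txt", "body": b"soup", "readers": {"alice", "bob"}},
}


class Forbidden(Exception):
    """Raised when the caller may not read the document (maps to an HTTP error)."""


def download_vulnerable(user, document_id):
    # The flaw from the answer: the permission model exists, but the download
    # path never consults it, so any caller who supplies an ID gets the file.
    return DOCUMENTS[document_id]["body"]


def download_checked(user, document_id):
    # Fix: authorize every request server-side against the same ACL the rest
    # of the application enforces. Missing and forbidden documents raise the
    # same error, so the response does not reveal which IDs exist.
    doc = DOCUMENTS.get(document_id)
    if doc is None or user not in doc["readers"]:
        raise Forbidden("document not available")
    return doc["body"]


def new_public_handle():
    # Defence in depth only: a random handle in place of the auto-increment ID
    # makes references unguessable, but it does not replace the check above.
    return secrets.token_urlsafe(16)


def can_read(user, document_id):
    try:
        download_checked(user, document_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print(download_vulnerable("bob", 12345))  # served although bob is no reader
    print(can_read("bob", 12345), can_read("alice", 12345))
```
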