top | item 8565274

(no title)

iolsantr | 11 years ago

Stories like these make me never want to make a http webservice again. HTTP(S) is just way too complicated for me to ever be confident I've done everything right. It's getting to the point where webservices are like crypto: only experts should touch them.

jwarkentin | 11 years ago

Being aware of exploits and protecting against them comes with the territory. Luckily there are things like owasp.org to help developers keep up on web security. However, security is hard and it can't be done absent mindedly. There is no getting around that.

phkahler | 11 years ago

If the standards were more strict, some of these issues would not exist. I see this as exploiting a lot of slop in protocols. It should not be possible to interpret a URL as anything but a URL, yet here it's being reflected back and interpreted as something else entirely.
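The failure mode phkahler describes is a value that arrives as a URL and is reflected into a page where the browser reads it as markup. The added example below (not from the thread, and not anyone's project code) contrasts a naive reflection with one that first checks the value is an http(s) URL and then encodes it for the HTML context it lands in. The sample input string and the function names are constructed for illustration.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample: a query value that was supposed to be a URL but also
# carries HTML markup. It is only test input for this example.
SAMPLE_URL = 'http://example.com/?q="><b>not a url</b>'


def reflect_unsafely(url: str) -> str:
    # Naive reflection: the string is dropped straight into HTML, so the
    # browser reinterprets the quote and tags as markup rather than as a URL.
    return f'<a href="{url}">{url}</a>'


def reflect_safely(url: str) -> Optional[str]:
    # Hardened reflection: keep the value a URL at every step.
    # 1) Only accept absolute http(s) URLs with a host; reject anything else.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # 2) Encode for the HTML attribute and text contexts (quote=True also
    #    escapes " and ' so the value cannot close the href attribute).
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}">{safe}</a>'


def contains_raw_markup(rendered: str, tag: str = "<b>") -> bool:
    # Helper for checking output: does the rendered HTML contain a tag that
    # originated from the reflected value rather than from the template?
    return tag in rendered


if __name__ == "__main__":
    print("unsafe:", reflect_unsafely(SAMPLE_URL))
    print("safe:  ", reflect_safely(SAMPLE_URL))
    print("rejected non-http:", reflect_safely("data:text/plain,hello"))
```

The validation step is what makes the input "only a URL"; the encoding step is what keeps it one once it is embedded in HTML. Either on its own leaves room for the reinterpretation the comment describes.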

iolsantr | 11 years ago

I get that. I just dread the days when malpractice for programmers is as common as it is for doctors. I like building functionality, not fortresses.