2023- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2014
- 2013
- 2012
- 2011
- 2010
- 2009
- 2008
- 2007
- 2006
- 2005
- 2004
- 2003
2002
GD Graphics Library- Solstice Calculations
- Runaway Software
- Bah Humbug
- Indefinite Leave
- Guy Fawkes on a Budget
- Halloween
- Expired Visa
- NASA TV
- NetMedia
- The Exam
- Drive Crash
- Flood
- Red Tape
- Back to Canada
- Horses
- Bad Résumés
- London and Paris
- More Seagulls
- Suspension Bridge
- Javacrypt Solved
- MACHOs vs. WIMPs
- Ottawa from the Air
- Linux on Desktop
- Mating Season
- Insecurity
- Bicycle Thief
- Bandwidth Thief
- Weird Email
- Slashdot Articles
- Scientology
- Javacrypt
- Nostalgia
- New Domain!
Insecurity
14 April 2002
One of our clients asked me to configure a web application on a server hosted by a third party. In the course of the work I discovered that the hosting company had no security to prevent one client from modifying or deleting the data of another client. Naturally I informed both our client and the hosting company of this, along with recommendations on how to fix it. You'd expect that the hosting company would increase their security, right? Nope, they found a much cleaner way to deal with the hole: they simply terminated our client's account!
This little adventure has prompted me to publish some thoughts about the inter-account security (or lack thereof) in many virtual hosting facilities. Read More...
