I can't post it because I don't have access to it any more, but I was recently contracted to do an audit on the code of a custom mailing list program after the company doing it said (after a year of "development") that MySQL could only handle around 50,000 emails and that to handle the 450,000 expected ones they would have to upgrade the server to Oracle.

The program itself was out of my league so I subbed it out to a friend who is an amazing programmer and he would send me examples of the security like "12345" type passwords and completely illegal and actionable stuff like the inability to opt out of the list.

Other things he found going through it:

- Database password was wrong
- No error checking on mysql_connect, mysql_query, or much of anywhere actually.
- Opt out wasn't just broken, it just didn't work. "when it displays the results of the filter/search it omits the people marked as opted-out. Buuuuuuut, when it processes to send email it doesn't."

This is how my friend described the entire project: "The site is like....a kid knows his multiplication tables, but that doesn't mean he knows how to apply that to solving applied calculus. The guy that did this site knows that nuts fit on bolts, but can't build a truss."

I have been cleaning up after this development company and their big product is this all-encompassing content management system that would take someone three months to learn how to create learning PHP/MySQL from scratch.
Mar 21, 2008 19:37