|
Thanks!
I'm Brazilian and English (well, human languages in general) isn't my best skill, so sorry for my English. (If you want, we can speak in C# or VB.Net =p)
|
You're welcome!
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
You need to understand that a thing like this,
    string DocumentName = string.Format("Application - [{0}] - {1:yyyyMMdd}", Person.RegistrationNo, DateTime.Now);
was not easy to understand and it could trick less experienced developers!!!
Cheers!!!
|
Joke? That's far easier to read than what was originally posted.
|
Well it is flagged as a joke, also I hope my tone was sarcastic enough.
Cheers
|
Okay, just checking 
|
I would think this is how it's supposed to be done.
    string Daternator()
    {
        DateTime dt = DateTime.Now;
        string result = "";
        for (int i = 0; i < 3; i++)
        {
            if (i == 0)
                result += dt.Year.ToString() + ", ";
            else if (i == 1)
                result += dt.Month.ToString() + ", ";
            else if (i == 2)
                result += dt.Day.ToString() + ", ";
        }
        result = result.Remove(result.LastIndexOf(" "), 1);
        result = result.Remove(result.LastIndexOf(","), 1);
    Start:
        MatchCollection mc = Regex.Matches(result, @"\b(\d)\b");
        foreach (Match m in mc)
        {
            if (m.Success)
            {
                result = result.Insert(m.Index, "0");
                goto Start;
            }
        }
        return string.Format("Application - [{0}] - " + result, this.Person.RegistrationNo.ToString());
    }
modified 21-Oct-12 5:28am.
|
LiveFreeCodeHard wrote: CodeHard
Your name starts making sense now. 
|
And I thought the WTF was a "maximum" function which takes a string and an int, until I saw the comment...
|
Hey all, here's an interlude to the regularly scheduled 'weird, wide world of windows':
    my $olddatemails = `ls -t Mailed20??????`;
    my $datemailed = "";
    $datemailed = $1 if ($olddatemails =~ /(20\d\d\d\d\d\d)/s);
    die if ($datemailed eq "");
    ...
    $newdate = $datemailed;
    while ($parse =~ s/Mailed(20\d\d)(\d\d)(\d\d).*?\n//s)
    {
        $newdate = $1 . $2 . $3;
    }
    `mv "Mailed$datemailed" "Mailed$newdate"` if ($datemailed lt $newdate);
How many tautologies and inconsistencies can you count??? 
|
First of all, what programming language is that?
|
Really? That's almost as depressing as the fact that the jackass who authored this atrocity is in effect my superior..
(also, Perl)
|
bulg wrote: the jackass who authored this atrocity is in effect my superior
Your superior or your supervisor?
bulg wrote: Perl
Remind me to never use Perl.
|
He's "in" with the owners, but not technically my boss.
AspDotNetDev wrote: Remind me to never use Perl.
So true!
|
I used to use Perl a lot ... I think I just threw up a little in my mouth.
|
Is this for real??
I hope I have not become rusty on my Perl skills, as I am unable to comprehend how this ever works out.
--> Getting information off the Internet is like taking a drink from a fire hydrant.
--> In three words I can sum up everything I've learned about life: it goes on.
|
Confirmation.asp?order=179000
Lost interest after this.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
nils illegitimus carborundum
me, me, me
|
Okay what's wrong with that? It uses HTTPS and that should be good enough for everybody. 
|
So were 512k some decades ago.
Also, look 2 threads below (incidentally, one that I've started). It mentions exactly this problem.
Full-fledged Java/.NET lover, full-fledged PHP hater.
Full-fledged Google/Microsoft lover, full-fledged Apple hater.
Full-fledged Skype lover, full-fledged YM hater.
|
That's gotta be the best laugh I've had all week. Since I was on a bender, thought I'd send this email to the company. Let their response time be a testament to how seriously they take security.
Gday Sir/Madam,
Have just read a forum post that lambastes your website for its poor security. There are at least 2 problems with it as it stands:
1) You've used an HTTP GET to pass variables to this page (the order number is present in the URL)
2) You've not authenticated the viewer as being the customer that placed the order.
For instance, I can enter the URL "https://www.alcatraztrips.com/Confirmation.asp?order=17900" and straight away see that Mary Cruz did attend the tour on 27 Sep 2005, leaving from Pier 33 at 11.15am
I can then enter the URL "https://www.alcatraztrips.com/Confirmation.asp?order=169000" and similarly I can see that Silvia Bollati is scheduled to attend a tour on the 25th August 2012 (13 days from now) Also departing pier 33, this time at 10am.
What if I or somebody else wanted to harm Silvia? Simple, run a program to harvest all the orders on your website, scan through them for the name of a purchaser of interest.
It certainly doesn't take somebody that's particularly bright to understand that:
(a) This is a massive security hole
(b) If somebody scheduled to attend the tour was located as a result of the service and subsequently murdered, your company would be held liable!!!
Kind of ironic for a website that deals in tours to a decommissioned Prison, don't you think?
You can view the lambasting here: http://www.codeproject.com/Messages/4335687/Alcatraz-the-tourist-website.aspx
Cheers,
Simon.
Make it work. Then do it better - Andrei Straut
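The two problems listed in the email above (a sequential order number that anyone can supply, and no check that the viewer is the customer who placed the order), shown next to a corrected lookup and a simple log check for the harvesting the email worries about. This is an added example, not code from the thread or from the site; the order data, customer ids, function names and the session value (assumed to come from the site's login) are all hypothetical.

```python
import secrets
from collections import defaultdict

# Constructed sample data (hypothetical customers and orders, not taken from the site).
ORDERS = {
    1001: {"customer": "cust-a", "tour": "10:00 departure"},
    1002: {"customer": "cust-b", "tour": "11:15 departure"},
}
# Unguessable public reference per order, used instead of the sequential number.
REFS = {secrets.token_urlsafe(16): oid for oid in ORDERS}

def confirmation_vulnerable(order_id):
    """The pattern the email describes: knowing the number is enough."""
    order = ORDERS.get(order_id)
    return (200, order["tour"]) if order else (404, None)

def confirmation_hardened(session_customer, ref):
    """Require a logged-in customer and check that the order belongs to them."""
    if session_customer is None:
        return (401, None)
    order = ORDERS.get(REFS.get(ref))
    # Identical answer for "no such order" and "not your order", so the
    # response does not confirm which references exist.
    if order is None or order["customer"] != session_customer:
        return (404, None)
    return (200, order["tour"])

def clients_walking_orders(requests, max_distinct=3):
    """Flag clients that request more distinct orders than a customer plausibly owns."""
    seen = defaultdict(set)
    for client, order_key in requests:
        seen[client].add(order_key)
    return sorted(c for c, keys in seen.items() if len(keys) > max_distinct)
```

The ownership check is what closes the hole; the random reference and the log check only make enumeration slower and more visible.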
|
That was funny
Also, I've seen myself quoted in your sig (can't 5 twice), and although I'm flattered, you should know that it's not my invention, I've heard it on the interwebz somewhere
Full-fledged Java/.NET lover, full-fledged PHP hater.
Full-fledged Google/Microsoft lover, full-fledged Apple hater.
Full-fledged Skype lover, full-fledged YM hater.