Thanks for that write-up. The point in complaining is to ensure that no
one will say that we did not inform the proper authorities. If they
still do not act, they are giving us one more weapon. Security is an
issue, as I understand, that many people who design websites or maintain
servers are not really aware of or (maybe) concerned about. They will
have to learn the hard way. Let us first take up the W3C compliance
issue. And, perhaps, the security issue too. Meanwhile, if Aneesh can
send a letter to the University (there used to be a complaint box there
some time back) authorities, we could wait and see whether they do
anything. If they don't, we will see what we can do.

Best
Sasi

On Mon, 2009-05-11 at 07:18 -0700, Visakh wrote:
> Hi,
>   Aneesh! Thanks for the article. But ASP alone may not explain why
> you are having problems with Firefox. ASP is a server-side scripting
> technology - it has no effect at the browser. If designed properly, it
> should be possible to write an ASP page that works flawlessly in any
> browser (Orkut is on ASPX). The problem really is what Sasi sir points
> out: non-adherence to W3C (World Wide Web Consortium) standards. W3C
> is the organization that defines web standards like HTML, CSS etc. It's
> like all other web browsers follow W3C while IE follows a totally
> different standard. Good developers write W3C-compliant pages and
> tweak them to work on IE, while half-trained ones write pages that
> work only on IE. That may be what happened with the University.
> 
>   If you believe that a complaint is going to solve it - it will be
> less than half your worries (and theirs). The site is one of the
> crappiest I have ever seen. There is a well-known vulnerability that
> allows others to view your marklist without requiring your password
> (that which they tried to avoid). I once did a rudimentary
> vulnerability check on the site. It was just short of a cracking attempt
> - but if somebody wanted to crack it, the site would collapse in less
> than 5 minutes. The site does critical operations like input
> sanitation right at the browser using JavaScript (baaad design!). I
> was able to turn off JavaScript and pass a spurious input. The server
> threw up an error with all the internal details - including about HTML
> and SQL servers. Forcing this kind of error is the essential first
> step in cracking a site. I didn't proceed any further - but just
> imagine someone passing some spurious SQL query. They have tons of
> student data on the server just waiting to be mauled on!
> 
>   So how do you expect a team that can't even ensure basic security to
> ensure W3C compliance? It's not so much about arrogance as it is about
> incompetence. Having said so much - I am not trying to discourage
> you. I can empathize with you. It's annoying when somebody blames your
> choice instead of their own incompetence. It's even worse when it is
> about something as important as student registration. Finally, as an
> epilogue - I can no longer access my student details (incl. marklist).
> This happens every time - albeit to different students!
> 
> Regards,
> Gokul Das
> > 
-- 
V. Sasi Kumar
Free Software Foundation of India
Please visit http://swatantryam.blogspot.com 
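
Added example, not part of the original thread and not the University site's code: a server-side handler that addresses the three weaknesses described in the quoted message (validation done only in browser JavaScript, a marklist viewable without the owner's password, and error pages exposing server internals). The table layout, roll-number format and the names `get_marklist` and `make_db` are assumptions made for illustration.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("marklist")
ROLL_NO = re.compile(r"[0-9]{1,10}")  # assumed format: 1 to 10 digits


def make_db():
    """Constructed sample data standing in for a student database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE marks (roll_no TEXT, owner TEXT, subject TEXT, score INTEGER)")
    db.executemany("INSERT INTO marks VALUES (?, ?, ?, ?)",
                   [("1001", "alice", "Physics", 78), ("1002", "bob", "Physics", 64)])
    return db


def get_marklist(db, session_user, roll_no):
    """Return (http_status, body) for a marklist request."""
    # 1. Validate on the server. Browser-side JavaScript checks are a
    #    convenience only, since the client can switch them off.
    if not isinstance(roll_no, str) or not ROLL_NO.fullmatch(roll_no):
        return 400, {"error": "invalid roll number"}
    # 2. Require an authenticated session before touching the database.
    if session_user is None:
        return 401, {"error": "login required"}
    try:
        # 3. Bound parameters keep input out of the SQL text, and the owner
        #    clause means a user can only read their own marklist.
        rows = db.execute(
            "SELECT subject, score FROM marks WHERE roll_no = ? AND owner = ?",
            (roll_no, session_user)).fetchall()
    except sqlite3.Error:
        # 4. Log the details server-side; the client gets only a reference id,
        #    never table names, SQL text or server versions.
        ref = uuid.uuid4().hex
        log.exception("marklist query failed ref=%s", ref)
        return 500, {"error": "internal error", "ref": ref}
    if not rows:
        return 404, {"error": "not found"}
    return 200, {"marks": rows}
```
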

