Hi,

On May 12, 6:52 pm, Aneesh A <aneesh...@gmail.com> wrote:
> No proper software testing. That is the problem, as I think.

Yes. I agree. That would explain both the operability issues, security issues and compatibility issues.

> On student side, no problem in using firefox.
> On administrator side, ie, teacher's verification, there appears no photos

Well, if we place a complaint we will have to be very specific - like a bug report. Exact nature and ways to recreate it will have to be specified. For example, if there is a Firefox/W3C incompatibility, we will have to show at least one instance, or define the exact problem. The problem you mentioned could be an abnormal case. However, if it can be recreated multiple times in multiple platforms (like different systems, OSs or browsers - even just 2 cases would suffice), it would qualify as an ideal example.

> Also my friend tried to register, He got all SQL queries and all..

Exactly the kind of flaw that I am talking about. Whenever a server returns an error message, either it should be a standard message (like 404 file not found) or a Web app exception handled message. Anything else will contain sensitive information about the internal system - like Web server configuration, Database information, SQL code etc. Did I mention that this server sent me back a portion of the web app's ASP code when tested? Just more information for a cracker to further his attempt. Anyway, that info about SQL is useful.

> To Vishak, You are a pretty good hacker. (Didn't mean hacker).

I presume it was a compliment. Thanx! :D But I don't qualify as a hacker by either the Free software community definition or the security community definition (cracker). My field is actually electronics & communication engg. I know more about protocols, encryption and security than web programming and designing. In other words, somebody else with expertise in these will have to explain to the university why their design is insane!

> I am not blaming ASP. I wished that it had been done using php.... that's all.

Technically, Java EE would satisfy these needs (security, scalability, responsiveness) better than either ASP or PHP. It has FOSS implementations too. But I know this is not the point you make. This is not the first time public agencies are taking a contradictory stance on FOSS. Remember the e-VAT and PPT in +2 issues? We already have a long list of these. It's about time they get reminded about this.

> Also there is no password recovery form... It is a real problem as I
> explained in blog.

No arguments there. They simply didn't do their homework. To get password back, we have to first face their apathy. Even then, they just can't avoid accidentally causing password mixups!

Regards,
Gokul Das
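
Added example, not part of the original message and not the university application's code: the error-handling point raised above (SQL text reaching the browser versus an exception-handled message), shown in Python with a constructed in-memory SQLite database. The handler names, the `students` table and the marker list are assumptions made for illustration.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("webapp")

def register(conn, name):
    # Constructed stand-in for the registration step; the table is missing
    # in the demo so the database driver raises an error.
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    return 200, "Registered"

def leaky_handler(conn, name):
    """Anti-pattern: the raw exception text is sent to the browser."""
    try:
        return register(conn, name)
    except Exception as exc:
        return 500, f"Error: {exc}"

def safe_handler(conn, name):
    """Detail goes to the server log; the client gets a fixed message."""
    try:
        return register(conn, name)
    except Exception:
        incident = uuid.uuid4().hex[:8]
        # Full traceback and SQL detail stay server-side, keyed by incident id.
        log.exception("registration failed, incident=%s", incident)
        return 500, f"Something went wrong. Quote reference {incident} to support."

def leaks_internals(body):
    """Crude response check for database detail (assumed marker list)."""
    markers = ("students", "table", "insert", "sqlite", "select")
    return any(m in body.lower() for m in markers)

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")  # no tables created: every insert fails
    for handler in (leaky_handler, safe_handler):
        status, body = handler(conn, "test user")
        print(handler.__name__, status, body, "leaks:", leaks_internals(body))
```

The same `leaks_internals` style of check can be run against captured error responses from a test deployment to produce the reproducible, specific evidence a bug report needs.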