On Wed, 2003-10-01 at 17:45, Bret Hughes wrote: > On Wed, 2003-10-01 at 16:25, Chris Purcell wrote: > > http://info.redhat.com/a/tA-eyxnAJPSNNAOMy0zADrb0g7z/rhat46 > > > > When you click the link above, the URL will be redirected to a redhat url > > with value of price=xxxx. Just change the price, and you've changed the > > cost of your Redhat Training. See, RHCE IS affordable! > > > > Nice programming Red Hat. > > > > That is kind of funny seems like using post would have been a bit > better.
No HTTP method would fix bad programming like that. There is NO reason their site should accept those parameters. This is the first lesson of web programming... NEVER pass unchecked values into a form. They should have simply pulled the form values out of their database based on the "special code". Ugh. This ranks right up there with the inability to delete old users from a RHN account. It also reveals a lot about the quality of their (site) software development staff. -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
