Developers Unleash More Wild Magic

What, foolish mortals playing with things they don’t understand because it’s cool? Say it ain’t so:

Software developers using Asynchronous JavaScript and XML (AJAX) techniques to jazz up corporate Web sites are failing to pay attention to some very fundamental security issues, researchers warned at the Black Hat USA conference here Wednesday.

As a result, many companies that have rushed to AJAX-enable their sites may be dangerously vulnerable to a variety of Web-based threats they’re not even aware of.

So once again, software “engineers” put on their pointy hats, mutter some incantations, and in most cases, the user gets data loaded into a Web site without a page refresh, but every now and again, a boy in India suddenly gets rich, an airplane drops 10,000 feet rapidly, a Martian rover does a doughnut, or an Eastern European crime syndicate steals the user’s data.

And the grown-ups in QA have to try to simulate all of those situations to test for them.

One Response to “Developers Unleash More Wild Magic”

  1. gimlet Says:

    Funny how “rush” and “vulnerable” are linked yet again. Yet what does every hiring manager want in his or her code monkeys? “Works well under pressure and tight deadlines.” That’s swell when you’re talking about military officers and football coaches, but why do we insist on having programmers going off half-cocked, making snap decisions while stressed out and sleep-deprived? Wouldn’t it be better if real adults sat and discussed the actual problem and then maybe did a little design up front, and then sat back and thought about it a little bit? Oh right, it’s okay, we don’t need to do that, because we made them sign NDAs.
