Applications that SUCK!!!!!

In this world of third-party insanity, I'm constantly amazed how much companies spend for third-party applications that are written like crap and have ZERO security.  Lately, I've been plagued by a series of third-party applications using the sa username and password.  When you ask them WHY, they get angry and explain that's how the applications were designed.  When I politely explain to them that they are idiots, they don't seem to comprehend WHY.  So, I'll say it again.....YOU'RE AN IDIOT!!!!!

 

Magic Helpdesk Software (http://www.remedy.com/solutions/magic/)

Websense (http://www.websense.com/)

  • Focusing on the security of the web.   HAHAHAHA

RATA HMDA Compliance software (added 20050517)

  • This one kind of cracks me up.  The default installation creates an account and assigns sysadmin server role rights to it.
  • HELLOOOOOOOOO!!!!!!! 

 

I’ll add to the list as I think about more.  Let me know your personal favorites.
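An audit for the two problems listed above, added here as an example and not part of the original post or any vendor's tooling: it lists every login holding the sysadmin server role (so an account created by an installer shows up by its creation date) and every current session connected as sa, grouped by the application name it reports. It assumes SQL Server 2005 or later, where these catalog views and DMVs exist, and a caller with VIEW SERVER STATE.

```sql
-- Added example: run as a DBA on the instance the third-party application uses.

-- 1. Who holds the sysadmin fixed server role?
--    Newest logins first, so an account created by a recent
--    application install is at the top of the result.
SELECT  m.name        AS login_name,
        m.type_desc   AS login_type,
        m.is_disabled,
        m.create_date,
        m.modify_date
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r
        ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m
        ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.create_date DESC;

-- 2. Which applications are connected as sa right now?
--    sa always has SID 0x01, so matching on security_id still
--    works if the login has been renamed.
--    program_name is supplied by the client and can be blank.
SELECT  s.login_name,
        s.host_name,
        s.program_name,
        COUNT(*)          AS session_count,
        MIN(s.login_time) AS earliest_login
FROM    sys.dm_exec_sessions AS s
WHERE   s.is_user_process = 1
  AND   s.security_id = 0x01
GROUP BY s.login_name, s.host_name, s.program_name
ORDER BY session_count DESC;
```

Any row from the first query that is not a named DBA account, and any row at all from the second, is an application that should be moved to a dedicated login with only the database permissions it needs.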

 

posted on Wednesday, January 12, 2005 7:45 PM

Comments on this post

# re: Applications that SUCK!!!!!

"Focusing on the security of the web. HAHAHAHA"

Hey, there's no conflict there. The web sites are secure...it's your DATABASE SERVERS that are open wider than a $5 hooker with a $100 bill.
Left by robvolk on Jan 12, 2005 8:29 PM

# Anatoly Lubarski's T-SQL Weblog

Good summary of T-SQL blogs.
Left by Pingback/TrackBack on Jan 13, 2005 9:20 PM

# re: Applications that SUCK!!!!!

We had a third-party database application that used an INI file to store SQL credentials. When they sent the sample INI file it had a key for the username (already filled in with 'sa') but no key for the password. When I asked about it they were very surprised to know that my sa account had a password.

Needless to say I didn't use the sa account, or any account with a blank password once they gave me the info to set up the password.

Also, some time later they sent out a message to all their customers informing them about a worm that exploited SQL servers with blank sa passwords...

scary stuff

Left by darktrooper on Jan 17, 2005 3:30 PM