Derrick Leggett Blog

Ramblings, grumblings, and other nonintelligible nonsense about SQL Server.

<b>Applications that SUCK!!!!!</b>

In this world of third-party insanity, I'm constantly amazed how much companies spend for third-party applications that are written like crap and have ZERO security.  Lately, I've been plagued by a series of third-party applications using the sa username and password.  When you ask them WHY, they get angry and explain that's how the applications were designed.  When I politely explain to them that they are idiots, they don't seem to comprehend WHY.  So, I'll say it again.....YOU'RE AN IDIOT!!!!!

 

Magic Helpdesk Software (http://www.remedy.com/solutions/magic/)

Websense (http://www.websense.com/)

  • Focusing on the security of the web.   HAHAHAHA

RATA HMDA Compliance software (added 20050517)

  • This one kind of cracks me up.  The default installation creates an account and assigns sysadmin server role rights to it.
  • HELLOOOOOOOOO!!!!!!! 
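
An audit for the pattern described above, as an added example that is not part of the original post: it lists every login holding sysadmin, SQL logins with blank passwords, and the programs currently connected with sysadmin rights. It assumes the SQL Server 2005 or later catalog views and a caller with CONTROL SERVER permission.

```sql
-- Added example: audit queries for SQL Server 2005 and later.
-- Reading password_hash needs CONTROL SERVER; query 3 needs VIEW SERVER STATE.

-- 1. Every login that holds the sysadmin fixed server role.
--    Accounts created by an application installer show up here by name.
SELECT  m.name        AS login_name,
        m.type_desc   AS login_type,
        m.is_disabled,
        m.create_date
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;

-- 2. SQL logins whose password is blank or identical to the login name.
SELECT  name AS login_name,
        is_disabled,
        is_policy_checked,
        CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 'blank'
             ELSE 'same as login name' END AS weakness
FROM    sys.sql_logins
WHERE   PWDCOMPARE(N'', password_hash) = 1
   OR   PWDCOMPARE(name, password_hash) = 1;

-- 3. Which programs are connected right now with sysadmin rights,
--    and from which hosts (program_name is client-supplied, so treat it as a hint).
SELECT  s.login_name,
        s.program_name,
        s.host_name,
        COUNT(*) AS sessions
FROM    sys.dm_exec_sessions AS s
WHERE   s.is_user_process = 1
  AND   IS_SRVROLEMEMBER('sysadmin', s.login_name) = 1
GROUP BY s.login_name, s.program_name, s.host_name
ORDER BY sessions DESC;
```

Any application login returned by query 1 or 3 is a candidate for replacement with a dedicated login that has only the database-level permissions the application needs.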

 

I’ll add to the list as I think about more.  Let me know your personal favorites.

 

Legacy Comments


robvolk
2005-01-12
re: <b>Applications that SUCK!!!!!</b>
<i>Focusing on the security of the web. HAHAHAHA</i>

Hey, there's no conflict there. The web sites are secure...it's your DATABASE SERVERS that are open wider than a $5 hooker with a $100 bill.

darktrooper
2005-01-17
re: <b>Applications that SUCK!!!!!</b>
We had a third-party database application that used an INI file to store SQL credentials. When they sent the sample INI file it had a key for the username (already filled in with 'sa') but no key for the password. When I asked about it they were very surprised to know that my sa account had a password.

Needless to say I didn't use the sa account, or any account with a blank password once they gave me the info to set up the password.

Also, some time later they sent out a message to all their customers informing them about a worm that exploited SQL servers with blank sa passwords...

scary stuff