[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB
From: Loptr Chaote <loptr.chaote@xxxxxxxxx>
Date: Sun, 13 Feb 2005 12:01:20 +0100

On Sat, 12 Feb 2005 23:31:03 +0100, Maximillian Dornseif
<dornseif@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Fix
> ===
> 
> Update to CitrusDB version 0.3.6 or higher and set the $path_to_ccfile
> in the configuration to a path not accessible via http
> 

How about NOT using software coded by people without _any_ sense for
security as a fix? Seriously, this "bug" is intolerable, even for
"beta" software. Who ever the authors, they should never have been put
in front of a developer environment..

What's this new wave of idiocy and point-and-click mentality. All of
the sudden everyone is a coder?

This shows that they have no knowledge of security whatsoever, and
THAT is not the kind of people you want writing software to handle
credit card information and/or other sensitive data.

Am I the only one being stumped here? 

-LC
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB
  - From: Curt Purdy

References:
- [Full-Disclosure] Credit Card data disclosure in CitrusDB
  - From: Maximillian Dornseif

Prev by Date: RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester
Next by Date: Re: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester
Previous by thread: [Full-Disclosure] Credit Card data disclosure in CitrusDB
Next by thread: RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB
Index(es):
- Date
- Thread