Results 1 to 4 of 4
  1. #1
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109

    Selling of insecure Scripts - When to give Notice

    While your suggestion and intent are good, this is a sales thread.
    Comments about how to improve something can hurt sales (thus the rule
    about no ad critiquing), so we'll be removing this post.
    That was an eMail msg. I received earlier today. Why? Because in the "Templates/Graphics Offers and Requests" Forum, I had made a post to a person selling a "known" insecure script, that they should make it more secure before selling it. I say "known" because I tested it myself. The script used for the 'contact' page was so bad, anyone could use it send to out their Spam, with the person owning the Hosting account getting the blame for the sending. As the security for this script is none, the script could be also used to potentially do damage to the Hosting account using it and/or the Server it is hosted on.

    Although the rule for "no ad critiquing" has its place, common sense tells us; if someone is selling something that is "known" to be stolen or illegal then that rule goes out the window. Why should it be any different for someone trying to sell a "known" script that is insecure? I say it's time to put the same thinking towards the selling of insecure scripts -- when proven to be insecure -- as we do stolen or illegal.


    Is it more important to protect the Seller or the Buyer?

    As Forum Members, should we not do something to protect other Forum Members from purchasing something that will potentially allow their Hosting account to get hacked or abused? At the very least, people selling something that is "known" to be insecure, should make mention that additional security is required. Even better, don't provide an insecure script with any Templates.

    I see these type 'security' issues becoming more important in the near future. Especially when said "insecure" script is sold through a 3rd party medium like a Forum.

    Your thoughts...
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  2. #2
    Join Date
    Jul 2002
    Location
    Tasmania, Australia
    Posts
    34,793
    When people are selling a site, they don't usually expect a site review. If you find a problem on their site, PM them and alert them, or report the post so we can look into it. Looking at your post, it appears you were picking faults without describing exactly what you perceived the real problem to be.
    If you don’t like the road you’re walking on, start paving a new one.

  3. #3
    I think the seller should fix it to be honest, but he might not know how.

  4. #4
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    My (removed) post specifically mentioned the form script used in the 'contact' page and how the Seller should code it for input verification and prevention of others using it to send Spam.

    Yes, a PM could have been sent but as I do have first hand experience with insecure scripts, such as the one being discussed, and first hand experience of the problems they can cause, I had to choose between alerting the; Seller, potential Buyer, or both. By making the post I did both.

    If it was being sold from someone's Web site it would be different story. Being sold from a Forum puts a different perspective on things. I realize security issues with scripts being provided for free or for sale are not a big issue with most people. At any Forum the Members will be at all different levels of knowledge and experience. Those of us with the ability to spot an insecure script/program that is being sold through the Forum should do something, and making a post about it is the easiest, faster way.

    I'm also bringing this issue to light because, as I mentioned before, we are going to see more 'n more scripts being sold through a Forum and at some point, someone may put a backlash on the Forum used for purchasing it through. Might be best to start discussing these things now.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •