Results 1 to 4 of 4
-
09-08-2006, 04:30 AM #1learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
Selling of insecure Scripts - When to give Notice
While your suggestion and intent are good, this is a sales thread.
Comments about how to improve something can hurt sales (thus the rule
about no ad critiquing), so we'll be removing this post.
Although the rule for "no ad critiquing" has its place, common sense tells us; if someone is selling something that is "known" to be stolen or illegal then that rule goes out the window. Why should it be any different for someone trying to sell a "known" script that is insecure? I say it's time to put the same thinking towards the selling of insecure scripts -- when proven to be insecure -- as we do stolen or illegal.
Is it more important to protect the Seller or the Buyer?
As Forum Members, should we not do something to protect other Forum Members from purchasing something that will potentially allow their Hosting account to get hacked or abused? At the very least, people selling something that is "known" to be insecure, should make mention that additional security is required. Even better, don't provide an insecure script with any Templates.
I see these type 'security' issues becoming more important in the near future. Especially when said "insecure" script is sold through a 3rd party medium like a Forum.
Your thoughts...• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
-
09-08-2006, 05:36 AM #2
When people are selling a site, they don't usually expect a site review. If you find a problem on their site, PM them and alert them, or report the post so we can look into it. Looking at your post, it appears you were picking faults without describing exactly what you perceived the real problem to be.
-
09-08-2006, 08:40 AM #3Disabled
- Join Date
- Dec 2005
- Posts
- 181
I think the seller should fix it to be honest, but he might not know how.
-
09-08-2006, 09:59 AM #4learning is in the doing
- Join Date
- Sep 2000
- Location
- Alberta, Canada
- Posts
- 3,146
My (removed) post specifically mentioned the form script used in the 'contact' page and how the Seller should code it for input verification and prevention of others using it to send Spam.
Yes, a PM could have been sent but as I do have first hand experience with insecure scripts, such as the one being discussed, and first hand experience of the problems they can cause, I had to choose between alerting the; Seller, potential Buyer, or both. By making the post I did both.
If it was being sold from someone's Web site it would be different story. Being sold from a Forum puts a different perspective on things. I realize security issues with scripts being provided for free or for sale are not a big issue with most people. At any Forum the Members will be at all different levels of knowledge and experience. Those of us with the ability to spot an insecure script/program that is being sold through the Forum should do something, and making a post about it is the easiest, faster way.
I'm also bringing this issue to light because, as I mentioned before, we are going to see more 'n more scripts being sold through a Forum and at some point, someone may put a backlash on the Forum used for purchasing it through. Might be best to start discussing these things now.• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available