Well shame on them for including the price as part of the form, instead of using a variable to reference the item in a database (NOT exposed of course). This is a bit like hand-writing prices on your product in grease pencil, then hiring a hydro-cephalic high-school student as your cashier. Sheesh... If half of the stories of this type are true, it makes one wonder how businesses survive at all...
For the user to be able to do an "edit page" is one thing, that really can't be helped. But the "publish" function means that the server admin left an FTP port wide open. Who in their right mind allows unauthenticated FTP on a server that handles anything on the Internet, much less "aiee-commerce"?
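The design point in the comment above, as an added example that is not part of the original post: a total computed from a price field in the form next to one computed from a server-side lookup keyed by an item reference. The catalogue, field names, SKUs and quantity limit are assumptions made up for illustration.

```python
from decimal import Decimal

# Constructed server-side catalogue; stands in for the database the comment
# refers to. It is never sent to the client.
CATALOG = {
    "sku-1001": Decimal("249.99"),
    "sku-1002": Decimal("19.50"),
}
MAX_QUANTITY = 100  # assumed business limit


def total_trusting_form(form):
    """The flawed pattern: the price comes back from a field in the form."""
    return Decimal(form["price"]) * int(form["quantity"])


def total_server_side(form):
    """The form carries only an item reference; the price is looked up here."""
    item_id = form.get("item_id", "")
    if item_id not in CATALOG:
        raise ValueError("unknown item")
    try:
        quantity = int(form.get("quantity", ""))
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= quantity <= MAX_QUANTITY:
        raise ValueError("quantity out of range")
    # Any 'price' field in the submission is ignored entirely.
    return CATALOG[item_id] * quantity


# Constructed submission whose price field no longer matches the catalogue.
EDITED_FORM = {"item_id": "sku-1001", "price": "0.01", "quantity": "2"}

if __name__ == "__main__":
    print("trusting form:", total_trusting_form(EDITED_FORM))
    print("server side  :", total_server_side(EDITED_FORM))
```

The quantity check matters as much as the price lookup: a negative or non-numeric quantity is also client-supplied input and would otherwise flow into the total.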