Comments on: Computer Security http://timworstall.com/2008/07/23/computer-security/ It is all obvious or trivial except... Thu, 24 May 2012 19:11:01 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: That Asprox Virus… | Tim Almond http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-19087 That Asprox Virus… | Tim Almond Wed, 23 Jul 2008 21:01:42 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-19087 [...] H/T Tim Worstall [...] [...] H/T Tim Worstall [...]

]]> By: TomJ http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-19051 TomJ Wed, 23 Jul 2008 16:50:37 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-19051 http://xkcd.com/327/ 8-) http://xkcd.com/327/

8-)

]]> By: JuliaM http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-19033 JuliaM Wed, 23 Jul 2008 15:12:31 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-19033 <i>"which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”. Yes, you could, <b>but the government can’t show you won’t screw it up</b>."</i> Given the lax way the government usually writes its IT contracts, not only can they not show that the private company won't screw it up <i>either</i>, but if they do, they usually can't/won't charge them any penalty... “which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”. Yes, you could, but the government can’t show you won’t screw it up.”

Given the lax way the government usually writes its IT contracts, not only can they not show that the private company won’t screw it up either, but if they do, they usually can’t/won’t charge them any penalty…

]]> By: Peter Risdon http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-19017 Peter Risdon Wed, 23 Jul 2008 13:48:07 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-19017 It's unacceptable in a junior web developer. I've explained why <a href="http://freebornjohn.blogspot.com/2008/07/government-it-watch.html" rel="nofollow">here</a>. MTAS was even worse. Government agencies routinely pay much more for development than private companies would consider for the same project. I know this from differentials in contract values I've had myself. It’s unacceptable in a junior web developer. I’ve explained why here. MTAS was even worse.

Government agencies routinely pay much more for development than private companies would consider for the same project. I know this from differentials in contract values I’ve had myself.

]]> By: Tim Almond http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-19003 Tim Almond Wed, 23 Jul 2008 12:41:05 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-19003 john b, "which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”." Well, not £50, but MTAS cost £1.75 million for the 1st year. For that, I'd expect to have a system built where someone couldn't just change the URL and read someone else's mailbox. john b,

“which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”.”

Well, not £50, but MTAS cost £1.75 million for the 1st year. For that, I’d expect to have a system built where someone couldn’t just change the URL and read someone else’s mailbox.

]]> By: john b http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-18984 john b Wed, 23 Jul 2008 11:21:12 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-18984 ...which is why this has only appeared in places like Hackney Council's recruitment site, rather than anything secure or high-profile. It'll be cases where the junior web monkey has been told "can you knock up this site, the contractors would charge us a fortune and take a month". (which is also why the government frequently pays major agencies amounts for web development that make people here say "I could have done that for fifty quid". Yes, you could, but the government can't show you won't screw it up.) …which is why this has only appeared in places like Hackney Council’s recruitment site, rather than anything secure or high-profile. It’ll be cases where the junior web monkey has been told “can you knock up this site, the contractors would charge us a fortune and take a month”.

(which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”. Yes, you could, but the government can’t show you won’t screw it up.)

]]> By: Tim Almond http://timworstall.com/2008/07/23/computer-security/comment-page-1/#comment-18967 Tim Almond Wed, 23 Jul 2008 09:51:01 +0000 http://timworstall.com/2008/07/23/computer-security/#comment-18967 It's what's known in the trade as a SQL injection attack . If you don't write your database code in quite the right way, your database can be vulnerable. It's an error that I might expect a junior programmer to make, but I wouldn't expect a project manager or senior developer on a web project to be ignorant of it. It’s what’s known in the trade as a SQL injection attack . If you don’t write your database code in quite the right way, your database can be vulnerable.

It’s an error that I might expect a junior programmer to make, but I wouldn’t expect a project manager or senior developer on a web project to be ignorant of it.

]]>