hwg-techniques archives Jun 2002 new search results previous next

Re: Professional Courtesy

by Kid Stevens <Kidstevens(at)comcast.net>

 Date:  Fri, 28 Jun 2002 07:16:41 -0600
 To:  Pat Crawford <pat.crawford(at)which.net>,
Christie Cooksey <christie(at)thearmidalemall.com>,
hwg-techniques(at)hwg.org
 References:  cooksey stobcross
  todo: View Thread, Original 
Why not?

Seems very valid to me as a Web designer and Security Manager.  New
designers have no experience with everything on the Web.  So as we learned
as little children; if we stick something in those two slots in the wall we
learn.  I do not believe Christie meant young as in physical age, but more
so as, new to the art of crafting web sites.

At IBM, my Officedepot shopping servers, not the ones you see when you go
to officedepot.com, I would be tasked with purging 30 to 50 fake orders a
day from the SQL database.  Now some of those were hackers out to do code
reviews.  Some were students in an HTML class at an unnamed college, still
others random fake orders.

The hackers oh well they couldn't get anywhere since they weren't one of
the 200 or so accounts allowed to log in.  The college, a polite request
stopped that problem.  The others too many and too random to be hackers yet
when doing a DNS parse/grep on the logs we would find that many would map
out to, using whois, to Web design services.

The servers where not listed on the Internet search engines.  Since only
invited customers could come use them.  There was no need for anyone to
enter false orders to see how the page worked.  A good HTML primer and a
perl programmer could have taught them more.

If they want to learn forms and shopping carts, they can ask here and shop
the canned solution vendors for carts and ask the support of those vendors
where they can test a cart.  Probing someone else's site is no good for
showing up security holes.  If they are honest what business do they have
looking for holes or crashing the cart system.  The FBI take hacking very
seriously.  Free Testers of a working site?  That makes no sense,  testing
is for before production.  After production of the cart it is analysis of
performance that is critical.

I find this funny in 4 years of my own business I never had faked paper
orders.  A professional would not have the time to waste playing with the
site.  Whereas a call or e-mail could get a tech's honest beliefs about
performance.

>Businesses have always had to tolerate a certain amount
>of wastage as some folk just can't resist filling in a "Donald Duck" form.

At 2:06 AM +0100 6/28/02, Pat Crawford wrote:
>Sorry Christine, this doesn't wash!
>
>----- Original Message -----
>From: "Christie Cooksey" <christie(at)thearmidalemall.com>
>> I would like to offer a bit of advice to all of the young web designers
>just
>> starting out.
>
>Although I am sure that this is well-intentioned, it is not advice - it's a
>protectionist dogma.  Anyway, why focus on young web designers?  Do you have
>any real reason for singling out our younger colleagues?  Or, does it just
>make your preaching seem more acceptable?  Is there any reason to believe
>that web designers (of any age, gender, colour or persuasion) are the most
>likely pests in this regard?  Jo Soap, who loves keying cars and vandalising
>telephone boxes, may be having a field day with websites.
>
>> All websites, no matter how small, are owned by people that are serious
>> about their business.  If you see a form or shopping cart that you find
>> interesting please don't "test" it with false orders.  These websites are
>> "real" and their owners deserve our respect and professional courtesy.
>
>In RL, shopkeepers who are serious about their business do not walk out of
>the shop and leave the door open. They don't invite people to order goods
>and offer to deliver them without seeing the colour of the customer's money.
>
>If people are "serious" about business on the web, they need to find
>solutions to security loopholes and seek ways to avoid being vulnerable.  As
>it stands, a form on the web is just as much of an achilles heel as any
>paper order form.  Businesses have always had to tolerate a certain amount
>of wastage as some folk just can't resist filling in a "Donald Duck" form.
>Businesses use web forms, paper forms, catalogues, phone-in services and so
>on to enable them to reach as large an audience as possible.  Some portion
>of that audience will be forever hostile/idle/prankish.  That is the
>trade-off for maximum circulation.
>
>> There are many "open source" sites out there where you can search for
>programs and many of them have demos for    > you to test.  Or you can
>contact the webmaster of a site and ask about any programs you find
>interesting.
>
>If I were inclined to give advice on the most considerate way to test live
>forms - I'd suggest that people enter Test Tester instead of a first and
>second name.  This way, the business owner can see that someone has been
>testing the form and ignore the order.
>
>Businesses could well benefit from a symbiotic relationship with volunteer
>testers as most web designers would send an email to the company if the form
>has a fault  - most customers will simply walk away.  So, the experimenters
>can be looked on as free testers and that can represent a serious saving in
>financial terms.
>
>Live and Let Live ...
>
>... Slainthe!
>
>Pat

-- 
Truly,
Kid Stevens

"If you don't believe in Dragons, they will stop believing in You.
That would be a sad affair indeed for all."

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA