[vox] A hypothetical question about the Web's dark underbelly

Richard S. Crawford vox@lists.lugod.org
Sat, 17 Jan 2004 09:28:09 -0800


On Sat, 2004-01-17 at 02:13, Karsten M. Self wrote:

> Cleartext passwords.  Frames.  Javascript.  Bad.  Bad.  Bad.

I always feel like I need to defend myself when the flaws of our website
are pointed out.  Yes, I know cleartext passwords are bad.  And the
JavaScript.  And especially the frames (ESPECIALLY the frames in my
opinion, since they make the site particularly hard to work with -- and
they're completely unnecessary given the site's architecture, I think).

I've gone over these points with my boss, and he agrees.  Unfortunately,
right now we don't have the manpower to completely revamp and redesign
the site while maintaining the site that we have now.  We had planned to
bring in some contractors who could start from the ground up by
rebuilding our Oracle database, but we don't even have the budget for
that anymore.  We have one developer who understands Cold Fusion with
any proficiency (and it's not me), one graphics design person, and one
guy whose job is to keep the Solaris servers up and running (a temp --
that's me -- and since it's a temp job they had to settle for someone
who's pretty comfortable with Unix instead of a professional).  Someday
we will institute the next version of our site which uses no cleartext
passwords and no JavaScript and no frames (and, ideally, would move from
ColdFusion to JSP or PHP, but I doubt that will happen), but it won't be
soon.  Alas.

-- 
Slainte,
Richard S. Crawford
AIM: Buffalo2K / Y!: rscrawford / ICQ: 11640404
Howard Dean for America: http://www.deanforamerica.com
http://www.mossroot.com http://www.stonegoose.com
"It is only with our heart that we can see clearly.  What is essential
is invisible to the eye."  --Antoine de Saint Exupery