Always on time

A couple of days ago, an officemate initiated a Jabber chat with me. He told me that he found a problem on our online time sheet while he was tinkering with the Firebug plugin. Turns out there’s a hidden field for the login time that one can tamper with, and again no server-side validation for it. Using Firebug, one can update the value for the hidden field, and then use the form to submit. The problem’s been escalated. I wonder if they’ll fix it though… or simply dismiss it on account of “the users won’t do that.” 😛
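The missing server-side check, as an added example that is not code from the post or from the time sheet application (its stack is not stated). The handler names, form field names, key, and sample values are all hypothetical: the hardened handler stores the server's clock and keeps the hidden field only as a tamper signal.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Assumption: a per-deployment secret that is never sent to the browser.
SERVER_KEY = b"constructed-demo-key"

def sign(user: str, login_time: str) -> str:
    """Tag binding a rendered hidden value to the user it was issued to."""
    msg = f"{user}|{login_time}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def clock_in_vulnerable(user: str, form: dict) -> dict:
    # Behaviour described in the post: the hidden field is stored as-is.
    return {"user": user, "login_time": form["login_time"]}

def clock_in_hardened(user: str, form: dict, now: datetime) -> dict:
    # The stored time comes from the server clock, never from the form.
    record = {"user": user, "login_time": now.isoformat(), "tampered": False}
    # The hidden field is checked only to flag edited submissions for review.
    submitted = form.get("login_time", "")
    tag = form.get("login_time_tag", "")
    expected = sign(user, submitted)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        record["tampered"] = True
    return record

# Constructed sample: page rendered at 09:47, hidden field edited to 08:00.
RENDERED = "2024-01-15T09:47:00+00:00"
NOW = datetime(2024, 1, 15, 9, 47, 30, tzinfo=timezone.utc)
honest = {"login_time": RENDERED, "login_time_tag": sign("alice", RENDERED)}
edited = dict(honest, login_time="2024-01-15T08:00:00+00:00")

if __name__ == "__main__":
    print(clock_in_vulnerable("alice", edited))     # stores the edited 08:00
    print(clock_in_hardened("alice", edited, NOW))  # server time, flagged
    print(clock_in_hardened("alice", honest, NOW))  # server time, not flagged
```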
