Phasor Burn

Warning: Do not look into phasor with remaining eye.

About

Yet another collection of random links and rantings of a greying unix geek with a photography bent. Pass the Guinness and Grecian Formula.

Boggles my mind how this kind of shoddy work is accepted….

We went through the trouble of setting up HTTPS and secure LDAP for SugarCRM authentication. All to be negated by the SugarCRM login page using GET to pass that information along.

They should be using POST for login, with the credentials in the request body, never in the URL. Never ever use GET for login operations. Gah.

By using GET they guarantee that anybody with access to the web server logs or web proxy logs can see this information: the whole query string, password included, lands in the access log, in the browser's history, and in the Referer header of the next request the browser makes. (HTTPS hides the URL from a forward proxy, but not from a reverse proxy or TLS terminator in front of the app, and not from the server's own logs.) We're pseudo-ok in that only root can view the logs on this particular server, but still. My mind boggles. What a bunch of idiots.


"GET /crm/index.php?
action=UnifiedSearch&module=Home&search_form=false
&advanced=false&module=Users&action=Authenticate
&return_module=Users&return_action=Login
&cant_login=&login_module=
&login_action=&login_record=
&user_name=tmiller
&user_password=xxxxxxxx
&Login=++Login++&login_theme=WhiteSands
&login_language=en_us HTTP/1.1"
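Since the damage here is a credential sitting in access logs, the practical follow-up is to find out how many such lines exist and to scrub them. The script below is an added example, not code from SugarCRM or from this post: it parses Apache/nginx combined-format lines, flags any request target or Referer whose query string carries a password-like parameter, and redacts the values so the log can be kept. The list of sensitive parameter names, the hosts, timestamps and the password value are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that must never travel in a query string. Hypothetical list
# for this example; extend it with your own application's field names.
SENSITIVE_KEYS = {"user_password", "password", "passwd", "pwd", "token", "session_id"}

# Apache/nginx "combined" format:
#   host ident user [time] "METHOD target proto" status size "referer" "user-agent"
_COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Matches "<sensitive-key>=<value>" anywhere a query string can appear on the line.
_SENSITIVE_RE = re.compile(
    r'(?<=[?&])(' + '|'.join(map(re.escape, sorted(SENSITIVE_KEYS))) + r')=[^&\s"]*',
    re.IGNORECASE,
)


def sensitive_params(url):
    """Return {name: value} for sensitive parameters in url's query string."""
    query = urlsplit(url).query
    return {k: v for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_KEYS}


def scan_log_line(line):
    """Return a finding dict if the line leaks credentials via a URL, else None.

    Both the request target (what the server logged) and the Referer header
    are checked: a browser re-sends the previous page's full URL, query string
    included, as the Referer of the next request it makes.
    """
    m = _COMBINED.match(line)
    if not m:
        return None
    leaks = {}
    for where in ("target", "referer"):
        hit = sensitive_params(m.group(where))
        if hit:
            leaks[where] = hit
    if not leaks:
        return None
    return {"host": m.group("host"), "time": m.group("time"),
            "method": m.group("method"), "leaks": leaks}


def scan_log(lines):
    """Scan an iterable of log lines and return the list of findings."""
    return [f for f in (scan_log_line(line) for line in lines) if f]


def redact_line(line):
    """Replace the value of every sensitive query parameter on the line with REDACTED."""
    return _SENSITIVE_RE.sub(lambda m: m.group(1) + "=REDACTED", line)


# Constructed sample log (not real traffic). Line 1 is the GET login the post
# complains about; line 2 shows the same credentials echoed back in the
# Referer of the following request; line 3 is what a POST login leaves behind.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2008:09:14:02 -0500] "GET /crm/index.php?module=Users'
    '&action=Authenticate&user_name=tmiller&user_password=hunter2&Login=++Login++ HTTP/1.1"'
    ' 302 - "-" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Mar/2008:09:14:03 -0500] "GET /crm/index.php?module=Home&action=index HTTP/1.1"'
    ' 200 8213 "https://crm.example.com/crm/index.php?module=Users&action=Authenticate'
    '&user_name=tmiller&user_password=hunter2" "Mozilla/5.0"',
    '10.0.0.6 - - [12/Mar/2008:09:15:11 -0500] "POST /crm/index.php?module=Users&action=Authenticate HTTP/1.1"'
    ' 302 - "https://crm.example.com/crm/index.php?action=Login" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Running it against the sample reports two findings (the GET login itself and the Referer on the next request) and none for the POST login, whose password never appears in the URL. The redaction works on the raw text rather than re-encoding the query, so everything except the flagged values is preserved byte for byte, which matters if the logs are evidence.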

One Response to “SugarCRM is written by drooling idiots”

  1. Sigh. Web applications should be written by people who actually understand HTTP.

    Lori Olson
