I was invited to help the investigation into a WebSite that was getting lots of inexplicable data and apparently was underpricing sales.
As was suggested in many educational books, validation of 'Form Fields' was being carried
To add insult to injury, the "Shopping Basket Balance" was carried backward and forward in 'Hidden Form Fields'.
When I asked the WebSite Builder why he had done these things, a book was produced that showed an example of a site doing these things - I almost cried!!
When the data was transmitted to the server, it was just plonked into Database Tables with no Server Side Validation!!!
We found that someone (well two different people - in different countries - with no connection to each other) had created a clone page on a different WebSite.
So easy to do - just "View Source" and "Save It" and bingo, you have got a cloned page!!
Worst thing of all, you can put what you like in the "Shopping Basket Balance" field.
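The defect the post describes, and its fix, as an added example (not code from the original post or from the site it describes): a checkout handler that believes a client-supplied hidden basket_total field, beside a hardened handler that recomputes the total from the server's own price list and rejects any submission that disagrees. The field names (sku_N, qty_N, basket_total), the catalogue, the prices and the sample POST bodies are all constructed for the demo; a real shop would use its own schema.

```python
"""Added example: never trust a client-supplied basket total.

The catalogue, field names and POST bodies below are constructed for the demo
and are not taken from the site described in the post.
"""
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP
from urllib.parse import parse_qs

# Server-side price list: the only source of truth for what an item costs.
CATALOGUE = {
    "SKU-100": Decimal("19.99"),
    "SKU-200": Decimal("5.50"),
}
MAX_QTY_PER_LINE = 99


class CheckoutError(ValueError):
    """Raised when server-side validation rejects a submission."""


def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded POST body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def insecure_checkout(body: str) -> Decimal:
    """The pattern in the post: the hidden basket_total field is believed as-is
    and would be written straight into the orders table."""
    form = parse_form(body)
    return Decimal(form["basket_total"])


def recompute_total(form: dict) -> Decimal:
    """Rebuild the basket total from the server-side catalogue only.

    Line items are assumed to arrive as sku_1=...&qty_1=...&sku_2=...&qty_2=...
    """
    total = Decimal("0")
    i = 1
    while f"sku_{i}" in form:
        sku = form[f"sku_{i}"]
        if sku not in CATALOGUE:
            raise CheckoutError(f"unknown SKU {sku!r} on line {i}")
        try:
            qty = int(form.get(f"qty_{i}", ""))
        except ValueError:
            raise CheckoutError(f"non-integer quantity on line {i}") from None
        if not 1 <= qty <= MAX_QTY_PER_LINE:
            raise CheckoutError(f"quantity {qty} out of range on line {i}")
        total += CATALOGUE[sku] * qty
        i += 1
    if i == 1:
        raise CheckoutError("empty basket")
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def secure_checkout(body: str) -> Decimal:
    """Hardened handler: price the basket from the catalogue, and treat a
    client total that disagrees as evidence of a tampered or cloned form."""
    form = parse_form(body)
    total = recompute_total(form)
    client_total = form.get("basket_total")
    if client_total is not None:
        try:
            claimed = Decimal(client_total)
        except InvalidOperation:
            raise CheckoutError(f"malformed basket_total {client_total!r}") from None
        if claimed != total:
            # Worth logging with the client address: a genuine browser session
            # never disagrees with the server's own arithmetic.
            raise CheckoutError(f"client total {claimed} != server total {total}")
    return total


def checkout_accepted(body: str) -> bool:
    """True if the hardened handler accepts the submission, False if it rejects it."""
    try:
        secure_checkout(body)
        return True
    except CheckoutError:
        return False


# Constructed submissions: an honest basket (2 x 19.99 + 1 x 5.50 = 45.48),
# one with the hidden total edited, and one with a negative quantity.
HONEST = "sku_1=SKU-100&qty_1=2&sku_2=SKU-200&qty_2=1&basket_total=45.48"
TAMPERED_TOTAL = "sku_1=SKU-100&qty_1=2&sku_2=SKU-200&qty_2=1&basket_total=0.01"
TAMPERED_QTY = "sku_1=SKU-100&qty_1=-3&basket_total=-59.97"

if __name__ == "__main__":
    print("insecure, tampered total accepted as:", insecure_checkout(TAMPERED_TOTAL))
    print("secure, honest:", secure_checkout(HONEST))
    for body in (TAMPERED_TOTAL, TAMPERED_QTY):
        try:
            secure_checkout(body)
        except CheckoutError as err:
            print("secure, rejected:", err)
```

The design point is that the hidden field is only ever used as a consistency check, never as an input to pricing: the order amount comes from recompute_total alone, so a cloned page with an edited balance can at most trigger a rejection and a log entry, not a discount.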
We managed to trace and communicate with one of the Cloners - a middle aged housewife with time on her hands - and asked her WHY!! There were two parts to the answer:
- In the spirit of exploration of what was possible;
- Just because I can.
There are several lessons to be learned from this example: