Shell recovers slip after spilling applicants' details
URL regret it if your Web forms are insecure
By John Leyden • In Security • At 15:13 GMT 7th January 2003
Shell has fixed a security hole on its recruitment Web site that left confidential private information of potential applications files open to world+dog.
Yesterday a Reg reader, who'd also notified Shell, told us that URL manipulation of forms on the site allowed easy access to this confidential data.
The company promptly suspended the print service, after we informed it of the vuln.
Application security issue are all too common, and Shell's experience illustrates the importance of keeping one eye on security when carrying out Web development work. Companies need to have a security policy that extends beyond making sure the basics (firewalls, AV etc.) are in place so that they deal with a wider variety of potential risks. ®