I knew they were crap, but they're even worse!

Iscariot
#21, 13 years ago
Well, no one can change your application since that's hardcoded into the UCAS systems; even UCAS can't change your application. I really don't see how this is a major security threat; the worst that'll happen is someone can see your application, and seeing as we all flaunt our application details about on TSR, I doubt too many of us are concerned about people knowing it. Sure, it'd be nice to know Track is the Fort Knox of computer programming, but at the same time I don't think this is the end of the world.
Ribbons
#22, 13 years ago
We trust UCAS with our applications... sure, it isn't a big deal if someone saw your choices, but you'd expect just a little bit higher level of security...
Knogle
#23, 13 years ago
BTW, how much do UK/EU students pay as an application fee (to UCAS)?
Ribbons
#24, 13 years ago
(Original post by sanjiv)
BTW, how much do UK/EU students pay as an application fee (to UCAS)?
AFAIK, it's the same for everybody: 15 pounds (my keyboard hasn't got the pound sign... my other keyboard stopped working)
Knogle
#25, 13 years ago
That sounds right. I paid SGD$50/- to my college (1pound = 3SGD), who paid UCAS on my behalf.
110111
#26, 13 years ago
(Original post by Iscariot)
Well no one can change your application since that's hardcoded into the UCAS systems
Not true. They are just using an Oracle database. Anyone who knows a little Oracle PL/SQL can change anything in your application. All you need is a buffer overflow attack and SQL injection and you are off and running. And it is likely that the moronic programmers who coded the UCAS system with its multifarious bugs have failed to protect against this or the many equally tasty techniques that the bad guys use.

Buffer overflows have been discovered in at least 6 standard Oracle core database functions. See the article "Smashing The Stack For Fun And Profit" by Aleph One for classic approaches to buffer overflow http://www.phrack.org/phrack/49/P49-14
The state of the art is described in "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns" available at
http://research.microsoft.com/users/...k-smashing.pdf and covers heap smashing, arc injection and pointer subterfuge.
Here is a well known SQL injection attack against the latest version of Oracle http://www.red-database-security.com..._metadata.html

NB: I am not a practitioner of these dark arts. I merely have a minor academic interest in the technology.
SuperhansFavouriteAlsatian
#27, 13 years ago
Yup, poohbear's right - you can't "hardcode" anything in web development, because nothing ever gets compiled - how could it get repeatedly recompiled with thousands of people accessing it at once? And even then, if you can get it in there, you can change it too. They have access to their own source code.

It seems odd that they used a POST method, instead of just md5'ing some cookies.
Ribbons
#28, 13 years ago
Quite a lot of that just 'whooshed' straight over my head... but from what I understood, THAT IS WORSE THAN WHAT I THOUGHT! :eek:
Manifest
#29, 13 years ago
(Original post by LawHopeful)
My boyfriend is a software engineer, and yesterday, I showed him my UCAS Track. I didn't realise at the time that such a simple thing would confirm just how crap UCAS is.

Ok... so Paul loves looking at how other people's programs and software work... so he was fiddling around with the UCAS Track... he managed to hack it in 2 mins flat. It was ridiculous! Just by changing some stuff in the address bar, he could see other people's choices (but not personal details, may I add).

We had to phone up straight away and tell them! UCAS really are *****! They didn't even write their software with tests for that sort of thing! grrrr.

I think that it's things like this that keep UCAS so backlogged. Now they'll have spent loads of time and money today having to fix this when if they'd just written the software properly in the first place... they're just soooo inefficient!

I want to become a software programmer, I think it is a good profession. Don't tell UCAS about anything unless you want to get yourself in trouble. UCAS might start tracing your IP and bla bla anything can happen, just keep it to yourself. (Just some advice)