They can do it *better*
-
So my management chose an "intranet" package from a company with "over 650,000 users worldwide".
They don't let local IT install the software (because, naturally, they would fsck it up), but instead require a blank server. remote access and full administrative rights, so they can do it properly.
To be fair, the product works as advertised. I just don't like how they solve those pesky user permission issues (for uploading images and such):
Yes, "web" is the root of the website in ISS.
Forwarded to our "security guy", who is also the person responsible for choosing them and their primary contact. Sweet irony.
-
-
I don't know what that dialog means, could someone with more experience than me explain it?
-
Every authenticated user has modify access to the root folder and subfolders and files of the root.
So, in theory, everything unless there are different permissions further down the tree.
-
This way they don't have to worry about SQL injection.
-
This way they don't have to worry about SQL injection.
Interesting idea - leave a huge, gaping, stupefying security hole to draw attention away from all those pesky, hard to catch exploits.
I think we may be on to a new security design philosophy here :)
-
Judging by Discourse's earlier state, I think Jeff thought of it first.
-
A Google search for "over 650,000 users worldwide" (including the quotes) was interesting.
6 of the top 10 results were from a company called Interact Intranet, and this is a typical page: