Webnotes-communication between parents and school



  • Our school has recently joined www.webnotes.cz project -- that means they put your marks on the web usng the webnotes pages. Few things have surprised me in their code(sadly i do not have acces to back-end).

    • You can see quite an intereseting login method. When user submits login form i actually triggers javascript which checks login credential formats. Nothing rare. But it also puts fields to the invisible form which it submits.
    • That nice statistics are actually created using colored DIVs
    • Whem you login you can see Web 2.0 - like behaviour. Because you can not login you can try UKÁZKA PRO RODIČE that means demo for parents. Web 2.0 beahviour actually means that there are no complete page reloads. There are only partial ones. The page is containing about ten FORMs(don't ask my why forms there is no input etc...) that are dynamically swithched by JS functions. OK, just strange HTML elem used for Web 2.0 like behaviour. The WTF is that the forms actually contains only IFRAMEs.
    • You can see there some old unused code like old JS function filling login to "kropacek", which is demo login. But now demo is made by separate web page and the function is no longer used.
    • I did not get the line: var IE=("P"=="6"); //(navigator.appName.indexOf("Microsoft")!=-1); but i hope it's really some reasonable construct.
    and you can find more..



  • In my experience, stuff developed specifically for schools is often crap. Seems security is something most don't care about in that particular industry.

    My experience is from working as an IT person for a small school, BTW. I've seen a lot of stuff, and found obvious security or reliability issues within minutes (in some cases even the install guide reveals some WTFs).



  • [quote user="msntfs"]

    • I did not get the line: var IE=("P"=="6"); //(navigator.appName.indexOf("Microsoft")!=-1); but i hope it's really some reasonable construct.

    [/quote]

    Probably they wanted to "temporarily" disable the IE specific code.  Why not use "var IE=false;"?  Who knows?  Although I wouldn't be entirely surprised if they didn't know that "false" exists in JavaScript. 



  • [quote user="tin"]In my experience, stuff developed specifically for schools is often crap. Seems security is something most don't care about in that particular industry.[/quote]

    I think it's something of a "honeypot" mentality.  Make it easy to crack, but difficult to cover your tracks.  Then the school can catch all the smart kids whose curiosity gets the best of them.  Kick them out of the class and the rest of the dolts in the class who can't understand a for loop won't look like idiots.
     



  • OK, it's actually not anythingt created specially for the school purpose... There is some company behind it and offering it to schools. And what surprised me it does not look as there is any security hole.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.