6) The password hashing scheme was trivially broken, that is, given the hash I could construct a password which generated the same hash. Take a look - it still uses the same hash algorithm! https://github.com/unclebob/fitnesse/blob/master/src/fitness...
These meant the system was totally p0wnable.
And I found a few public servers using FitNesse as the web server.
I reported all of these years ago, and at least some of them were fixed. If these security issues are still present now, there's been plenty of time to fix them.
My analysis helped confirm my view that TDD generates happy-path tests, and strengthened my complaint that TDD, at least in the "red-green-refactor" formalism, ignores the rest of the testing that needs to be done even at the development stage where TDD is most effective.