Welcome to this week’s casual kōrero thread!
This post will be pinned in this community so you can always find it, and will stay for about a week until replaced by the next one.
It’s for talking about anything that might not justify a full post. For example:
- Something interesting that happened to you
- Something humourous that happened to you
- Something frustrating that happened to you
- A quick question
- A request for recommendations
- Pictures of your pet
- A picture of a cloud that kind of looks like an elephant
- Anything else, there are no rules (except the rule)
So how’s it going?
I don’t have any insider information so I’m just spitballing here :D but I have worked in health IT field before and I’m not even a little surprised that bugs like these exist - and have been exploited.
Poor authorisation handling bug is quite common. Authentication is largely a solved problem what with OAuth (not that a lot of NZ health IT providers use it… sigh) but each software developer still has to solve the problem of authorisation. And it’s just all too easy to forget that random IDs are not secure and are not even random.