Scary stuff, for the school. I agree w/ other commenters that maybe you crossed the line a bit legally. But, I think your intentions were good — and that matters (at least to me). It’s frustrating when you know how to do something, have a serious and good intention in place, and actually want to help fix a situation, and then the target of all that doesn’t get off their butt & fix it.

That all said, I’ve been doing web consulting / programming for a long, long time now & the state of affairs for form-based security is just awful, on the whole. I see so many sites where things like proper validation & CSRF protection are no where to be found. It’s amazing to me that someone can get good enough at coding to actually code up a working form that interacts w/ a database, yet not implement best practices for preventing SQL injection. Yet, it’s so common. Frustrating!

Nice piece — interesting read. :-)

Written by

Web guy at; author of books & blogs. See:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store