Brian Likes the URL String

In my capacity in software QA working on Web applications, I know there’s no easier means of havoc than to mess with the URL string sent to the Web application. Looks as though some “hackers” have discovered the same with a university application, um, application:

The ApplyYourself code had a bug such that editing the URL in the “Address” or “Location” field of a Web browser window would result in an applicant being able to find out his admissions status several weeks before the official notification date. This would be equivalent to a 7-year-old being offered a URL of the form and editing it down to to see what else of interest might be on the server.

But I bet the company saved a bundle of money by avoiding the whole quality assurance thing.

(Link seen on Outside the Beltway.)