I got an email inviting me to take part in some great deals on some books from a certain company ( name withheld to protect the innocent). As the site was new, they were also encouraging some feedback. As it turned out a lot of the site didn’t work for me on my development machine. Here’s what I posted:
When a user signs up, deal with non alpha numeric characters, such as ‘ in addresses. At present it appears as if nothing happens except for a notification of a script error: server returned a 401 from line 605 char 13 I‘d also check if the same applies to names, such as O‘Brien. Might also be nice if you look at the site on Win 2008 in IE, protected mode on. This is the only site I have problems with, and had to add it to trusted sites to get it to work properly. The accordian panels don‘t display until that is done. (Works fine on a Vista box though.)
Funny thing is, I reported the issue with ‘ in address fields, but of course their web based comment gathering stripped all four out of the above message <g>
Here’s the “tech support” response:
“We can’t support windows server 2008 protection mode. We’ve been running and testing on windows server 2008. However we’ve disabled Internet explorer protection mode because most websites don’t work correct.
I’ve just registered a new account and it all works fine, although I’m not using windows server 2008 with Internet explorer protection mode active.
If his using windows server 2008 as workstation, well firstly Microsoft offers windows vista as workstation not server. Additionally if he really wants to run windows server 2008 as a workstation like vista, then he should read a Microsoft blog. I’ve personally convert a windows server 2008 box to workstation and I’ve tested the website using this win 2008 box. “
Wooo ! I should ” read a Microsoft blog” ??? Gee thanks for the advice.
Sad thing is, this person clearly has no clue what “Protected Mode” is. It isn’t peculiar to Win2008, in fact most folks running Vista with UAC on will be running with protected mode on. I think they are probably confusing it with IE Enhanced Security Configuration (or IE ESC for short). Perhaps they should read a few more Microsoft blogs themselves
And note, they seem to have totally missed the problem about apostrophe’s !! I’d be a bit worried if the server returns a 401 error rather than dealing with that elegantly. Seems they should probably read a few Microsoft blogs about code security and SQL injection… actually make that some books, not just blogs ….. Hey I know just the site as long as your name isn’t O’Brien