While most software developers are aware of the threat posed by intentionally malicious or simply curious hackers, few developers understand the extent to which the flaws they introduce into their applications aid and abet those same hackers.
In January of this year, a German software developer identified a design flaw with serious security implications in the recently open-sourced Borland InterBase product. This flaw existed in versions of InterBase that stretched back to 1994!
No one had maliciously added the flaw -- a back door in the form of a hardcoded name and password. Instead, the error resulted from an InterBase developer's poor design decision. The application used the hardcoded name and password to access a special InterBase access control database during authentication.
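The design decision described above can be modelled in a few lines of C. This is an added example, not InterBase source: the function names, the `origin` flag, the sample account and the placeholder credentials are all assumptions made for illustration. It contrasts a login gate that must accept a built-in pair with one where the server's internal access is identified by call path instead of by a secret.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and constructed data throughout. The built-in pair is a
   placeholder, not the credentials from the real product. */
#define BUILTIN_USER "BUILTIN_USER_PLACEHOLDER"
#define BUILTIN_PASS "BUILTIN_PASS_PLACEHOLDER"
#define ACL_DB_NAME  "acl"   /* stand-in for the access control database */

enum origin { ORIGIN_REMOTE, ORIGIN_INTERNAL };  /* set by server code, never parsed from a request */

struct account { const char *user, *pass; };
static const struct account ACCOUNTS[] = { { "alice", "constructed-sample-pw" } };

/* Stand-in for a query against the access control database (strcmp keeps the
   sample short; real code compares password hashes in constant time). */
static int acl_lookup(const char *user, const char *pass)
{
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (!strcmp(user, ACCOUNTS[i].user) && !strcmp(pass, ACCOUNTS[i].pass))
            return 1;
    return 0;
}

/* Flawed: the server reaches the access control database through the same
   name/password gate that clients use, so the gate has to accept a built-in
   pair. Anyone who reads the pair out of the code passes the gate too. */
int open_flawed(const char *db, const char *user, const char *pass)
{
    (void)db;
    if (!strcmp(user, BUILTIN_USER) && !strcmp(pass, BUILTIN_PASS))
        return 1;
    return acl_lookup(user, pass);
}

/* Hardened: no built-in identity exists. The internal path may open only the
   access control database; remote callers never open it directly and are
   always checked against it. */
int open_hardened(enum origin from, const char *db, const char *user, const char *pass)
{
    if (from == ORIGIN_INTERNAL)
        return strcmp(db, ACL_DB_NAME) == 0;
    if (strcmp(db, ACL_DB_NAME) == 0)
        return 0;
    return acl_lookup(user, pass);
}

int main(void)
{
    printf("flawed, built-in pair:   %d\n", open_flawed("employee", BUILTIN_USER, BUILTIN_PASS));
    printf("hardened, built-in pair: %d\n", open_hardened(ORIGIN_REMOTE, "employee", BUILTIN_USER, BUILTIN_PASS));
    return 0;
}
```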