我的朋友曾经用PHP编写了一个论坛脚本。密码保存为一个名为pass.txt的纯文本文件。当然，每个人都可以访问那个文件。

有关安全漏洞(和其他计算机风险)的主列表，请访问http://catless.ncl.ac.uk/Risks

About 3 years ago I built a site for a somewhat large non-profit organization in our state. When it came time to deploy the application to their web host server, I noticed an odd file named "cc.txt" or something obvious like that in their public site. It was under their web root, was getting served, and was a csv file of all their donor's names, addresses, credit card numbers, expiration dates, and CVV/CVC codes. I cannot count the number of times I brought the issue up - first to my boss, then our company accountant, the client's IT director, finally the client's President. That was 3 years ago. The file is still being served, it can even be googled. And it's been updated. I tend not to respond to their donation solicitations when I get them.

在一些Unix机器(当然是所有的SunOS)上，您可以将setuid shell脚本链接到一个名为“-i”的文件。 shell脚本将文件名解释为它的第一个参数，并运行"sh -i" =一个交互式shell，并获得setuid文件所有者的许可。

因为大多数setuid shell脚本都是以根用户身份运行的，以便允许您执行一些需要根用户权限的操作，比如弹出CD或加载磁带。这意味着在20世纪90年代，在大多数大学的Unix机器上获得管理是很简单的。

在签名代码中:

System.setSecurityManager(null);

(你可以通过谷歌代码搜索。)从进程中运行的所有代码中删除所有Java安全限制。可能没有想清楚。

我所见过的最糟糕的漏洞是web应用程序中的一个漏洞，即提供空用户名和密码将以管理员身份登录。