There was once upon a time an old Enterprise Architect who had seven little designers, and loved them with all the love of a mother for her children. One day she wanted to go into the xmlforest and fetch some json. So she called all seven to her and said: ’Dear designers, I have to go into the xmlforest, be on your guard against the Wolf; if he comes in, he will consume you all–skin, pages, and everything. He often disguises himself with a different user interface, but you will know him at once by his rough certificate and his wrong password.’ The kids said: ’Dear mother, we will take good care of ourselves; you may go away without any anxiety.’ Then the old one bleated, and went on her way with an easy mind.
It was not long before someone knocked at the login screen and called: ’Open the door, dear children; your mother is here, and has brought something back with her for each of you.’ But the little kids knew that it was the wolf, by the rough certificate. ’We will not open the screen,’ cried they, ’you are not our mother. She has a soft, pleasant voice, but your certificate is rough; you are the wolf!’ Then the wolf went away to a hacker and bought himself a great lump of cross site scripts, ate this and made his certificate trusted with it. Then he came back, knocked at the login of the application, and called: ’Open the door, dear children, your mother is here and has brought something back with her for each of you.’ But the wolf had laid his black password against the window, and the children saw it and cried: ’We will not open the door, our mother has not black password like you: you are the wolf!’ Then the wolf ran to a developer and said: ’I have hurt my feet, rub some SQL over them for me.’ And when the developer had rubbed his feet over, he ran to the dba and said: ’Strew some white injection over my feet for me.’ The dba thought to himself: ’The wolf wants to deceive someone,’ and refused; but the wolf said: ’If you will not do it, I will devour you.’ Then the dba was afraid, and made his passwords white for him. Truly, this is the way of outsourcing database management.
So now the wretch went for the third time to the house-door, knocked at it and said: ’Open the door for me, designers, your dear little mother has come home, and has brought every one of you something back from the xmlforest with her.’ The little kids cried: ’First show us your password that we may know if you are our dear little mother.’ Then he put his SQL injected password in through the window and when the kids saw that it was white, they believed that all he said was true, and opened the backdoor. But who should come in but the wolf! They were terrified and wanted to hide themselves. One sprang under the table, the second into the Attribute Dictionary, the third into the Application Dashboard, the fourth into the SQL Workshop, the fifth into the Cross Page Utilities, the sixth under the Migration bench, and the seventh into the Apps Gallery. But the wolf found them all, and used no great ceremony; one after the other he devoured them down his throat. The youngest, who was in the Apps Gallery, was the only one he did not find. When the wolf had satisfied his universal theme appetite he took himself off, laid himself down under a jstree in the green field project outside, and began to sleep. Soon afterwards the old architect came home again from the xmlforest. Ah! what a sight she saw there! The back-door stood wide open. The table, dashboards, and benches were thrown down, the workshop lay broken to pieces, and the quilts and pillows were pulled off the websheets. She sought her designers, but they were nowhere to be found. She called them one after another by name, but no one answered. At last, when she came to the youngest, named Shakeeb, a soft voice cried: ’Dear mother, I am in the Apps Gallery.’ She took the kid out, and it told her that the wolf had come and had eaten all the others. Then you may workspace-imagine how she wept over her poor designers.
At length in her grief she went out, and the youngest Shakeeb ran with her. When they came to the green field project, there lay the wolf by the jstree and hadooped so loud that the svn-branches shook. She looked at him on every side and saw that something was moving and struggling in his gorged belly. ’Ah, heavens,’ she said, ’is it possible that my poor designers whom he has swallowed down for his supper, can be still alive?’ Then the kid had to run home and fetch scissors, a theme roller, a needle and thread, and the architect cut open the monster’s bitbucket, and hardly had she made one cut, than one little kid thrust its head out, and when she had injected farther, all six sprang out one after another, and were all still alive, and had suffered no injury whatever, for in his greediness the monster had swallowed them down whole. What rejoicing there was! They dockered their dear mother, and jumpstarted like oracle after the sun acquisition. The mother, however, said: ’Now go and look for some big antiviruses, and we will fill the wicked beast’s bitbucket with them while he is still on a timeout.’ Then the seven designers dragged the antiviruses thither with all speed, and put as many of them into this bitbucket as they could get in; and the mother bootstrapped him up again in the greatest haste, so that he was not aware of anything and never once stirred.
When the wolf at length had had his fill of sleep, he got on his trunks, and as the antiviruses in his stomach made him very thirsty, he wanted to go to a well to drink. But when he began to walk and to move about, the antiviruses in his stomach knocked against each other and rattled. Then cried he:
’What rumbles and tumbles
Against my poor bones?
I thought ’twas six kids,
But it feels like big stones.’
And when he got to the well and stooped over the water to drink, the heavy antiviruses made him fall in, and he drowned miserably. When the seven designers saw that, they came running to the spot and cried aloud: ’The wolf is dead! The wolf is dead!’ and danced for joy round about the well with their mother.
What do we learn from it?
A) Designers are not good at preventing XSS attacks.
B) Better use Patrick Wolf’s Advisor to check your application against SQL injection, than to wait for the Big Bad Wolf.
C) Remember to check the Application Gallery; little gems hide in there.
Other fairy tales
planned but not implemented yet:
- SnowWhite and RoseRed Themes
- Three little stickers