How Old Is the Internet?

Last night, I came across evidence of the oldest web site so far known.

I had been sent a request to complete an online customer survey and duly clicked through to the online form. Clearly I am very old, and the web site even older. I did even wonder what the data retention policy is. Or maybe there's been a slight data import issue here? Applications need data validation in more places than just inputs from humans. Data from other systems, including so-called "trusted systems" can also be prone to errors, incompatibilities and troublesome content. And some of that can also be malicious. It needs to be defined properly and then validated.

I remember one of my own projects which threw an input validation error many years after it was deployed, because the system it was integrated with changed the format of their response codes. My application was accused of being "over engineered". Well, "fail-secure" I said. And in any case, prior to development, we had tried for a long time to get a specification for what codes to expect, but no-one had an answer, and we had to make some assumptions and put bounds on what was reasonable. It worked for 4 years, and was logging, but I admit it could have done with sending an alert on detection of an invalid response.

While the example of the customer survey above is just mildly amusing, it might hint at poor secure development practices — just the sort of thing malicious users might ponder how to exploit. I don't think there's any significant risk here, especially since the date appeared to be the only custom data in the survey.