Would You Consider This A Design Flaw?

I was on the Wish List page on tenderfilet.com and noticed a search box.  Being a curious monkey I entered ‘h’:

tenderfilet.com wish list search

I was surprised to see this list pop up.  The screenshot below is a partial screenshot of the results page:

tenderfilet.com search results

It has the customer’s full name and address. Would you consider this a design flaw?

Comments 7

Yikes, I would say so.

I’m not a SQL or database whiz, but I’m guessing the lookup query is written in such a way that it takes what you enter (h) and attaches wildcards before or after it, resulting in every email with an H in it. Their development team should take a serious look at this.

Reply

You are right, that’s exactly what’s happening at the code execution level. Here is the clincher, I bet the marketing team at tenderfilet.com is not even aware of this design flaw. Luckily they don’t list email addresses or their competitors could have done some serious damage.

Reply

Nope! As long as it shows more results, rather than fewer results, it’s alright.
From a user point of view, more information is better.

Reply

Here’s the problem though. If they are showing contact information, someone can call the customer, claiming to be from Tender Filet, and try to solicit credit card information. This happened to one of my clients before, and it was an absolute disaster.

I’m all for usability, but contact information should never be that available on a public site.

Reply

It’s an interesting issue. As you guys discussed, they are taking the letter and if any name has that letter it is showing the results. However, if you type something like “hh” or “aa” nothing shows up. I don’t consider this a design flaw, because what is the real flaw? The user is supposed to enter a name to search, however they accidentally typed just a letter such as “h”–what’s the big deal showing what they are showing? As they are not revealing any sensitive data, I don’t find it to be problematic.

Reply

You have a valid point. But if someone is looking to buy a gift item I suspect they would know a few letters beyond the recipient’s initials. This is certainly not a security breach, just poor programming standards in my opinion.

Reply

With plans to implement public wish lists on my own store, this is interesting.

As long as no contact details are being shared, or are shared explicitly with the user’s consent, this should not be an issue. But on the other hand, having a minimum of say 3 letters before executing a search and input of location might also be good.

Or should the URLs be based on some alias and let the user have the responsibility of sharing it with the people?

The two approaches totally differ based on what consumers would ideally want.

Reply
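
The two mitigations raised in the comments (a minimum query length and no contact details in results) can be sketched next to the wildcard lookup the thread guesses at. This is an added example, not tenderfilet.com's code and not part of the original post or comments; the table, columns, thresholds, state-only output and sample rows are all assumptions.

```python
import sqlite3

MIN_QUERY_LEN = 3   # assumption: the "say 3 letters" floor suggested in the comments
MAX_RESULTS = 20    # assumption: cap so one query cannot list the whole table

def make_db():
    """In-memory table with constructed sample rows (not real customers)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wish_lists (id INTEGER PRIMARY KEY, first_name TEXT,"
               " last_name TEXT, street TEXT, city TEXT, state TEXT)")
    db.executemany(
        "INSERT INTO wish_lists (first_name, last_name, street, city, state)"
        " VALUES (?, ?, ?, ?, ?)",
        [("Hannah", "Holt", "12 Elm St", "Dayton", "OH"),
         ("Sarah", "Whitfield", "9 Oak Ave", "Tulsa", "OK"),
         ("John", "Hughes", "44 Pine Rd", "Reno", "NV"),
         ("Maria", "Lopez", "7 Birch Ln", "Mesa", "AZ")])
    return db

def search_leaky(db, term):
    """Behaviour described in the post: any substring matches, full address returned."""
    sql = ("SELECT first_name, last_name, street, city, state FROM wish_lists"
           " WHERE first_name || ' ' || last_name LIKE ?")
    return db.execute(sql, (f"%{term}%",)).fetchall()

def escape_like(term):
    """Make %, _ and the escape character literal so they cannot act as wildcards."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_hardened(db, term):
    """Prefix match on last name, length floor, result cap, no street or city."""
    term = term.strip()
    if len(term) < MIN_QUERY_LEN:
        return []
    sql = ("SELECT id, first_name, last_name, state FROM wish_lists"
           " WHERE last_name LIKE ? ESCAPE '\\' ORDER BY last_name LIMIT ?")
    return db.execute(sql, (escape_like(term) + "%", MAX_RESULTS)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(search_leaky(db, "h"))       # three rows, each with a street address
    print(search_hardened(db, "h"))    # too short: no results
    print(search_hardened(db, "%%%"))  # wildcards escaped: no results
    print(search_hardened(db, "hug"))  # one match, name and state only
```

Without the escaping step, a query such as `%%%` would satisfy the length check and still match every row.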
