|
Tei posted:Cargo culting is not a recipe for failure. Its just mediocre with mediocre results. If your definition of success is to increase employee churn in the company, then yes.
|
#
?
Oct 14, 2021 00:11
|
|
|
|
| # ? May 23, 2024 16:49 |
|
|
Edit double post
|
|
#
?
Oct 14, 2021 00:11
|
|
|
wolfman101 posted:If your definition of success is to increase employee churn in the company, then yes. I may just be having a mental breakdown but maybe that's really what the industry's definition of success is. Maybe it really is people who can see the humor in the insanity of the industry keeping the "I'm helping mommy" crowd of business analysts, project managers and CInOs employable without any really useful software resulting. I've ended up crashing and burning over and over from trying to make successful software and maybe it really is just some bullshit kabuki.
|
|
#
?
Oct 14, 2021 00:45
|
|
|
They discovered how to treat software as capital, and ever since then, investors, not users, are more often the customers, and usefulness is secondary to compatibility with whatever asinine scheme to conjure up a paper fortune is in vogue this quarter.
|
|
#
?
Oct 14, 2021 08:42
|
|
|
Bongo Bill posted:They discovered how to treat software as capital, and ever since then, investors, not users, are more often the customers, and usefulness is secondary to compatibility with whatever asinine scheme to conjure up a paper fortune is in vogue this quarter. Can't wait until we move on from NFT and MetaVerse as the hot buzzwords. Not looking forward to whatever is next being even more asinine.
|
|
#
?
Oct 14, 2021 16:08
|
|
|
After resetting my password through my company's timesheet website and having to go through their helpdesk because the password email wasn't sent, and trying to change the password on login because I'm forced to.quote:Password cannot be changed more than once per day. You last changed your password on '10/15/2021'. Please contact the helpdesk. Also the temporary password is only good for 2 hours, so I can't just wait a day to change my password.
|
|
#
?
Oct 15, 2021 13:27
|
|
|
1337JiveTurkey posted:I may just be having a mental breakdown but maybe that's really what the industry's definition of success is. Maybe it really is people who can see the humor in the insanity of the industry keeping the "I'm helping mommy" crowd of business analysts, project managers and CInOs employable without any really useful software resulting. I've ended up crashing and burning over and over from trying to make successful software and maybe it really is just some bullshit kabuki. Basically this. In my experience, enterprise’s main problem is that they are infested with “expert beginners” and “friend’s kids” whose main priority is to undermine everyone more competent than them who can see through their bullshit. Startups main problem is VC investors insane demands.
|
|
#
?
Oct 15, 2021 13:32
|
|
|
A lot of web shops are full of people winging it in a bloated organization where very few salaries have a positive ROI and the company has a single golden goose that's on autopilot but is extremely hard to grow any further. So the company dumps money back into itself in order to keep growing and nobody knows how to make themselves actually useful, but they like getting paid and they better look busy.
|
|
#
?
Oct 15, 2021 13:37
|
|
|
Rubellavator posted:After resetting my password through my company's timesheet website and having to go through their helpdesk because the password email wasn't sent, and trying to change the password on login because I'm forced to. guessing they are storing old passwords to check whether you are reusing them, and the primary key for the table is the date. (lol)
|
|
#
?
Oct 15, 2021 16:28
|
|
|
Hammerite posted:guessing they are storing old passwords to check whether you are reusing them, and the primary key for the table is the date. (lol) Not necessarily. Active Directory allows you to set a minimum password age before changing. It's stupid as hell and annoys the poo poo out of me when I miss a pw change and need IT to unlock my account because their administrative reset ALSO has the minimum age requirement.
|
|
#
?
Oct 16, 2021 01:51
|
|
|
lol is that entirely so that "you can't reuse any of your last 12 passwords" isn't trivially defeated by changing your password 12 times in quick succession?
|
|
#
?
Oct 16, 2021 21:41
|
|
|
Pretty much yeah. Ours is set to a one day minimum at work.
|
|
#
?
Oct 17, 2021 00:52
|
|
|
thank god, now we can be sure that employees are making use of the entire password1... password12 space
|
|
#
?
Oct 17, 2021 03:00
|
|
|
Mine was always passwordMMYY.
|
|
#
?
Oct 17, 2021 18:35
|
|
|
Felt like someone read a bunch of different ideas about passwords and just applied all of them even if they were contradictory. Like 1) users should be made to change temporary passwords after log in 2) temporary passwords cannot last longer than 2 hours 3) users can't change passwords more than once every 24 hours Unless you add an exception for #3 regarding temporary passwords (and they didnt), you can't do all 3 of those! I had to wait for the 1 guy who runs the help desk to manually reset my password.
|
|
#
?
Oct 18, 2021 18:40
|
|
|
this is easier
|
|
#
?
Oct 18, 2021 20:35
|
|
|
That's...a joke, right? I can't imagine any situation where a salted and hashed password should have any effect approaching a query.
|
|
#
?
Oct 18, 2021 20:57
|
|
|
D34THROW posted:That's...a joke, right? I can't imagine any situation where a salted and hashed password should have any effect approaching a query. It's not a joke, it's a big red flag.
|
|
#
?
Oct 18, 2021 21:01
|
|
|
D34THROW posted:That's...a joke, right? I can't imagine any situation where a salted and hashed password should have any effect approaching a query. That's the video that they discover in Event Horizon of the crew warning everyone to save themselves from hell
|
|
#
?
Oct 18, 2021 21:07
|
|
|
D34THROW posted:That's...a joke, right? I can't imagine any situation where a salted and hashed password should have any effect approaching a query. what makes you think they're salted or hashed
|
|
#
?
Oct 18, 2021 22:32
|
|
|
D34THROW posted:That's...a joke, right? I can't imagine any situation where a salted and hashed password should have any effect approaching a query. I mean, no user input should ever be interpreted as SQL period. But this does imply a series of problems.
|
|
#
?
Oct 18, 2021 23:17
|
|
|
Biowarfare posted:what makes you think they're salted or hashed string salt(string password) { return password + password; } string hash(string password) { return password.toUpper(); }
|
|
#
?
Oct 18, 2021 23:58
|
|
|
NihilCredo posted:string salt(string password) { bool authenticate(string username, string password){ string query = "SELECT COUNT(*) FROM Users U where LOWER(U.username) = '" + username.toLower() + "' AND LOWER(U.securedPassword) = '" + hash(salt(password)).toLower() +"' OR U.Password = '" + password; int i = executeMyQuery(query); return i>0;}
|
|
#
?
Oct 19, 2021 02:01
|
|
|
dont forget we dont want people reusing passwords CREATE UNIQUE INDEX aaaaaa ON Users (Password); CREATE UNIQUE INDEX aaaaaaaaaa ON Users (securedPassword);
|
|
#
?
Oct 19, 2021 02:50
|
|
|
Nth Doctor posted:I finished your implementation. lmao just logging into any user i want just by using my own password
|
|
#
?
Oct 19, 2021 04:17
|
|
|
Rubellavator posted:lmao just logging into any user i want just by using my own password  the password matching is even worse than thatnot to mention the flagrant SQL injection and recoverable passwords no matter the salting and hashing algorithms and and and...
|
|
#
?
Oct 19, 2021 04:24
|
|
|
Nth Doctor posted:
yeah it's great it gets worse every time i look at it
|
|
#
?
Oct 19, 2021 04:27
|
|
|
Nth Doctor posted:
Lmao took me a minute or so to see it. So which S&P500 firm did you find this at?
|
|
#
?
Oct 19, 2021 09:09
|
|
|
A short story from building web applications for small clients in the early 2000s. Client: You need to change the password requirements. Me: Why? They're pretty standard. Client: The president's password needs to be admin. Me: That's not good. Client: He's not learning a new password.
|
|
#
?
Oct 19, 2021 17:38
|
|
|
OK so your password is still "admin", but your username has changed from "Prez" to "qFWtAL4Z2YeBpaCXAXaP". Also, don't ever tell anybody what your username is.
|
|
#
?
Oct 20, 2021 23:25
|
|
|
Doom Mathematic posted:OK so your password is still "admin", but your username has changed from "Prez" to "qFWtAL4Z2YeBpaCXAXaP". Also, don't ever tell anybody what your username is. "No, my username has to be admin too, I'm not learning a new one"
|
|
#
?
Oct 21, 2021 00:06
|
|
|
Just get his PA to approve all login attempts.
|
|
#
?
Oct 21, 2021 00:14
|
|
|
Make a special logged in page for him where it just says "Everything is A-OK Sir" and you can't do anything else.
|
|
#
?
Oct 21, 2021 06:08
|
|
|
lifg posted:A short story from building web applications for small clients in the early 2000s. You could have asked if the boss only logins from his office, or he login from different places. Making so admin-admin only works from the boss office ip. If somebody else try to use admin-admin, a message would show "this iP is not authorized for login with this user, please ask it added to the authorization list, or use your secondary safe password"
|
|
#
?
Oct 21, 2021 07:34
|
|
|
Tei posted:You could have asked if the boss only logins from his office, or he login from different places. Doing unnecessary work for a lovely client is the greatest code horror of them all. Just set the password expiry to 30 days.
|
|
#
?
Oct 21, 2021 07:46
|
|
|
DoctorTristan posted:Doing unnecessary work for a lovely client is the greatest code horror of them all. Just set the password expiry to 30 days. Even better, time to stretch your CYA skills: quote:Dear $whoever_speaks_for_the_client, Take the response, print it, laminate it, put it in your bank safe.
|
|
#
?
Oct 21, 2021 09:27
|
|
|
The one PHP shop I worked in did SELECT * FROM Users WHERE Username = @username AND Password = @password on login. No, there was no hashing. Oh and Password was a VARCHAR(8).
|
|
#
?
Oct 25, 2021 22:12
|
|
|
I'm always shocked at how common unhashed passwords are. My first job had them until I replaced them with 2-way encryption (a demand from sales that they could tell people their current password rather than reset it). My second job had modified AD so that your password was stored clear text as an attribute on your profile. My current job had a product we were using that stores usernames and passwords clear text in the database. Best part is that stupid product's entire selling point was supposed to be security.
|
|
#
?
Oct 26, 2021 04:17
|
|
|
But the database is stored on a computer that's behind a very secure door
|
|
#
?
Oct 26, 2021 09:00
|
|
|
|
| # ? May 23, 2024 16:49 |
|
|
I got hired by a small business to figure out why their website kept getting hacked and it turned out the person who made it used some kind of wizard to generate the SQL (using Dreamweaver I think) and ended up generating an overcomplicated join query to check logins. It ended up checking to see if the password matched any user's password, and there was at least one user record with a blank password, so you could just type any username and no password and log in as that user. Also it used HTTP GET to pass the username and password in the URL to every page instead of using cookies or sessions. At least the passwords were hashed in the database!
|
|
#
?
Oct 26, 2021 15:56
|
|
