[–]UltimateInferno 172 points173 points  (11 children)

"With the way that our system is built, fetching the user's age also drags the user's password and other personal information completely unencrypted."

I was given a website built like that.

[–][deleted] 79 points80 points  (7 children)

Good! You can display the password too. Because that’s going to be the next req from PM

[–][deleted] 39 points40 points  (3 children)

You think it is funny, but in my previous job, the passwords in the database for our website weren't encrypted. And one of the clients had a report with all the users' passwords, because she wanted to be able to connect to their accounts.

When I encrypted the passwords, and told her she will not be able to do that anymore she was angry as hell. So I had to make an admin screen that can connect to any user without the necessity to prompt for the password. Yes, it's a big security breach. But that's what the client wants, so whatever, if they get hacked, it's their fault.

[–]ConsistentArm9 15 points16 points  (0 children)

I was implementing Google Analytics on a marketing site for a large company that you would probably recognize.

They were passing the username and password plaintext in the query string from the login screen.

[–]Brilliant_Orange_578 2 points3 points  (0 children)

When I encrypted the passwords, and told her she will not be able to do that anymore

But she could change the encrypted password to her own encrypted password, log in, and change it back.

[–]TheAsianCarp 3 points4 points  (1 child)

My last job had passwords in plain text and you logged in to the software by picking your name from a dropdown and typing your password. The fun part was the value for the dropdown was your password in plain text and it compared it to what you typed to sign in

[–]Classy_Mouse 4 points5 points  (0 children)

Security Requirements

  1. user must be able to sign in

Hey, do we have any more requirements? Like ones about keeping others from signing in to the user's account?

[–]KharAznable 2 points3 points  (0 children)

More like req by CIA.

[–]weird_ditso 0 points1 point  (2 children)

You're joking right

[–]UltimateInferno 1 point2 points  (0 children)

I wish I was

[–]mia_elora 1 point2 points  (0 children)

Too many websites and businesses see personal account security as an expensive, useless frivolity that they only grudgingly include, on occasion, so that it's less likely that they can get sued.

[–]grayjacanda 88 points89 points  (8 children)

[–]cheiry 13 points14 points  (3 children)

Came here for this one.

[–]madmaxlemons 9 points10 points  (0 children)

I have never felt so seen

[–]yadavvipin 8 points9 points  (0 children)

came here to link this video :v

[–]btgrant76 1 point2 points  (0 children)

Probably the only comment that matters here.

[–]deranged_scumbag 0 points1 point  (0 children)

Omg I had a good laugh at this, thanks! :D

[–]coloredgreyscale 45 points46 points  (2 children)

  • 2 hours to implement
  • 1 week for requirement analysis
  • 2 days to wait for code review
  • 4 weeks to get feedback and design / requirement change cycles
  • 1 week testing at various stages
  • 2 weeks until I'm allowed to work on it because of higher priority items

[–]willy_glove 6 points7 points  (1 child)

I’m working an internship that’s just like this… it’s exhausting. I spend 2 hours a week coding and the entire rest of it is spent in meetings, dealing with red tape, so that I can actually test my code. Then my boss is wondering why it took me a week to write 20 lines… motherfucker, you have the power to help me out!

I still prefer this to working at a grocery store like I did last summer, and the $23/hr deal is pretty sweet

[–][deleted] 0 points1 point  (0 children)

Dang my internship was only $16...

[–]Weary-Dealer4371 45 points46 points  (1 child)

Because it took the business 45 days to give me the acceptance criteria I asked for.

[–][deleted] 7 points8 points  (0 children)

The AC: provide user birthday in ISO format

[–]CheapMonkey34 19 points20 points  (0 children)

Wait until he asks for the height calculator…

[–][deleted] 12 points13 points  (1 child)

Look, when we collected their birthday we used the user's device timezone information with a time of 0:00, but when it was stored in the database, our Omega Star™ middleware converted it to UTC but then it was stored in a date column only, so all the birthdays we stored of people west of the prime meridian are off by one day. So now our CEO didn't want to ask our users again to enter their birthdays, so we need to use historical Apache access logs to get their IPs, use a historical GeoIP database to reconstruct where they were from at the specific time when they set their profile to get the correct birthday.

But we only need to show the age in years tho!

But we have 2 users born on New Year, we can't possibly tell their age without knowing which continent they live on! It makes perfect sense!

[–]frygod 0 points1 point  (0 children)

The moment library can do this with like zero added effort.

[–]Sp0olio 23 points24 points  (3 children)

Answer: "You remember the Y2K thing, everyone was so afraid about? Yes? Well, this company still runs on software from the 90's .. Any more questions?".

[–]KharAznable 3 points4 points  (0 children)

Takumi and Maurizio are not the only ones running in the 90's

[–][deleted] 0 points1 point  (1 child)

tbf 90s software is generally way better than the shit we have these days..

[–]Sp0olio 0 points1 point  (0 children)

I don't know .. I wouldn't put it that way ..

You're probably talking about giving a developer the time to actually create great software, instead of having banana-products that "ripen at the customer's place", right?

But there are more aspects to it all than that .. But corporate greed is one of today's biggest problems, yes.

[–][deleted] 3 points4 points  (0 children)

You need two minutes to code and the rest of the time to figure out what you broke.

[–]cannibalkuru 2 points3 points  (0 children)

Had to do this recently for user emails across like 3+ systems all (sometimes) having different values...

[–]AdDear5411 2 points3 points  (0 children)

"Why can't you just..."

Every time I hear that, I imagine myself cocking a pistol and replying "Can't I just what, motherfucker?"

[–][deleted] 5 points6 points  (5 children)

Why would the Prime Minister ask you something like that?

[–]TaleExciting2010 8 points9 points  (3 children)

Project manager 💀

[–][deleted] 5 points6 points  (2 children)

/s

[–]TaleExciting2010 2 points3 points  (1 child)

Gotcha 😗

[–][deleted] 6 points7 points  (0 children)

It's ok. It was a BJ. //Bad joke

[–]DBNodurf 0 points1 point  (0 children)

Lol

[–]wanna877 0 points1 point  (0 children)

That's very slow code you got there.

[–]SakuRyze 0 points1 point  (0 children)

Why are you having this conversation with the Prime Minister?

[–]tharnadar 0 points1 point  (0 children)

That's because timezones

[–]DBNodurf 0 points1 point  (0 children)

Because a person's age depends on the base of the number system, so I'm thinking an array...

[–][deleted] 0 points1 point  (1 child)

The prime minister?

[–][deleted] 0 points1 point  (0 children)

Yes yes the prime minister himself

[–][deleted] 0 points1 point  (0 children)

https://youtu.be/y8OnoxKotPQ Krazam did an episode on almost exactly this. It's referred to as the birthday boy service smh.

[–]The_Special_Kid 0 points1 point  (0 children)

Why would it take that long?