Implement a mandatory 24-character password that has to include exactly four upper-case characters, exactly seven numerical characters, and all the rest accented characters.
Include mandatory password changes every three days.
After three weeks, when the two admins who've managed to log in for three days in a row have rapidly implemented some real security, go back to 8 any-old-chars with no password-change limit
I wanna be a eunuchs developer! Pass me a bread knife!
|
Or I did what my last job did, simply tell them their password is not secure, but don't tell them why
I had 12 characters, upper and lower case, two numbers and two special characters, but the system deemed it insecure and the only way I could get my password to work was by going to a sysadmin and entering it directly in AD
|
Well, this is the most simple... unless the client can pay you big for rewriting the security module of the web application...
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
An acquaintance of mine, whose IQ barely reaches 2 digits and whose attention span is lower th oooh, shiny, is taking a 3-month course in Web Development. She has trouble using her smartphone and comes from a failed literature and a failed arts background...
GCS d--(d+) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
den2k88 wrote: comes from a failed literature and a failed arts background
We all know literature and arts are way more complicated than programming (actually, that's my background too, although not failed)
|
I was upgrading a client website very similar to that. But they also had the concept of "business units" within a Company, each of which would define different features and options. If you were a user that needed to work in different business units, you had to use a separate login for each!
|
Wow, this application has the same thing!
Some people have around ten accounts, and it's only one account per business unit.
Also makes you wonder why the business accepted this (and why customers aren't complaining)...
|
They had a fellow fresh out of school develop the site, with no real world experience. It's one thing to know the language elements, but quite another to come up with a realistic architecture - taking the time to think through what would be the best experience for the user.
I replaced the whole mess with ASP.NET Identity, basically applying a union to the various permissions he had from the various business units. The biggest challenge I had was a migration strategy to move the old accounts into the new system.
|
Add requirement to stackoverflow questions or create a separate exchange which requires unit tests included with answers. Why - so it can be learned by a broader group of people.
|
There is so much wrong here I don't know where to start....
|
You're right, but since you did not include a unit test with your answer, it will not be accepted.
|
Lewis Carroll: “Begin at the beginning," the King said, very gravely, "and go on till you come to the end: then stop.”
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
I'd suggest you suggest that over at SO - you'll get more abuse for your suggestion there than you will here.
We're the nice guys.
|
Not acceptable - is an opinion question with no definitive answer, so not allowed on SO.
|
That's partly why you'll get more abuse ...
|
Probably one for Stack Exchange Meta, but if we must discuss it here - take it to The Weird & The Wonderful, it's way too surreal for the Lounge!
Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain
|
Only CCC is too surreal for the Lounge...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
Oh, I don't know - all this talk of missing spoons ...
|
Would you agree that the following are true or not?
1) a question posed is usually a simplification or genericisation of the true problem being faced. It may exclude constraints such as memory, time, parallelism, bandwidth, precision, reliability, data size, etc, etc which may impact selection of a solution.
2) any answer to such a question is therefore only partially informed.
3) a variety of 'correct' answers can be made to such a question, but only the questioner has the full context to evaluate the pros and cons of each answer, and hence which may be most suitable to the true problem.
4) any unit tests proposed by the answerer are incomplete due to point 1
5) any unit tests proposed by the answerer cannot anticipate the true edge cases
Would it also be true that the best questions are those that explicitly identify/exclude constraints. (E.g. I need to sort 10,000 numbers, and have gigabytes of memory but need to do it as quickly as possible versus I need to sort 10,000 numbers, but only have 1kb memory available...)
|
maze3 wrote: Why - so it can be learned by a broader group of people.
Hahaha, that broad group isn't inhibited now; they're free to learn the subject. So no, I won't accept that as a reason.
If I want to add unit-test with my answer on CP, I can do so; simply add a link to the GitHub that contains them.
Next, answers should be short and to the point, with examples being as simple as possible - anything that isn't relevant to the question or answer should not be there; imagine a book to learn C# that has unit-tests for its "Hello world".
Finally, it will mean very few volunteers there; given the questions here (and there), a unit-test is hardly relevant. Also a lot of people who might want to answer, and won't (due to the added requirement).
Perhaps you want full XML-documentation too? And did you consider asking for multi-version answers, so that you can download code & unit-test for your exact .NET version? And, if the question involves a database, a complete SQL-script to generate the structure and fill it with test-data? Let's have all that before allowing someone to answer
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Maybe the code isn't posted to the thread at all, maybe the person answering should have to physically visit the asker to enter the code directly into their solution and fix any errors that occur?
|
Exactly, but you worded it a lot better
|
[TestMethod]
public void QuestionIsAnsweredCorrectly()
{
    var question = GetQuestion();
    var answers = question.GetAnswers();
    var isCorrect = answers.Any(a => a.Body.Contains("duplicate") || a.Body.Contains("Google") || a.Author == "Jon Skeet");
    Assert.IsTrue(isCorrect);
}
Directly taken from the StackExchange source code
|
When they can't even get the lusers posting irredeemable drek to post an MCVE; isn't just a bridge too far. It's a bridge from here to Jupiter where the people who're failing to ask good questions have all gone to get more stupider.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt