
Welcome to the Lounge

   

 
Re: Compiler Warnings... - Marco Bertschi, 6-Jun-19 3:04
Re: Compiler Warnings... - obermd, 6-Jun-19 3:07
Re: Compiler Warnings... - Dr.Walt Fair, PE, 6-Jun-19 6:02
Re: Compiler Warnings... - Gary Wheeler, 6-Jun-19 6:07
Re: Compiler Warnings... - I_made_a_womble, 6-Jun-19 6:30
Re: Compiler Warnings... - Gerry Schmitz, 6-Jun-19 8:36
Re: Compiler Warnings... - Member 7989122, 6-Jun-19 11:06

Security is for the weak - Sander Rossel, 5-Jun-19 1:06

So I sat together with a client yesterday, they wanted some web application replaced.
He logs in with an admin account and gets on a page of all users that he can impersonate.
But why impersonate because... All passwords are stored AND SHOWN as plain text!
Forgot your password? Give us your email address and we'll send you your password, easy.
Oh yeah, and if you're not in the database we'll let you know so you can check if your competition is using this.
At least it's not the user's own password as the only way to get an account is... Actually, we couldn't find out, but some admin should create it (and the password I guess).
We did find how to reset a password... Change it directly in the database.
All this on HTTP without even the option for HTTPS.
As you can imagine, this wasn't the only thing that's wrong with it (don't even start on usability)...

I kind of assumed it was a quick and dirty intranet application, but it's on the public internet and apparently (business) customers are using it.

So... Should I keep these features when I rewrite it? :-D
Makes you wonder exactly how unqualified some people are for their job (or maybe this programmer wrote it exactly according to specs?) and that stuff like this happens everywhere.

Re: Security is for the weak - Nathan Minier, 5-Jun-19 1:12
Re: Security is for the weak - Sander Rossel, 5-Jun-19 1:59
Re: Security is for the weak - Nathan Minier, 5-Jun-19 2:09
Re: Security is for the weak - Sander Rossel, 5-Jun-19 2:34
Re: Security is for the weak - Dr.Walt Fair, PE, 5-Jun-19 6:13
Re: Security is for the weak - den2k88, 5-Jun-19 22:48
Re: Security is for the weak - Chris Maunder, 5-Jun-19 4:43
Re: Security is for the weak - den2k88, 5-Jun-19 22:47
Re: Security is for the weak - Nathan Minier, 6-Jun-19 4:59
Re: Security is for the weak - den2k88, 6-Jun-19 5:02
Re: Security is for the weak - Nathan Minier, 6-Jun-19 5:11
Re: Security is for the weak - den2k88, 6-Jun-19 5:21
Re: Security is for the weak - markrlondon, 5-Jun-19 22:05
Re: Security is for the weak - Daniel Pfeffer, 5-Jun-19 1:18
Re: Security is for the weak - RickZeeland, 5-Jun-19 1:29
Re: Security is for the weak - Dr.Walt Fair, PE, 5-Jun-19 6:15
Re: Security is for the weak - RickZeeland, 5-Jun-19 7:57
