294
rtannerf
191d

Yesterday, somebody disabled the account of a guy who retired 4 years ago. Suddenly, document processing broke.

Turns out his username and password were hardcoded into a Visual Basic 6 program that's been quietly running in production for over a decade. VB6 reached end of life 10 years ago.

Also the SQL queries work by concatenating user input. 🙃

cmd.CommandText = "SELECT * FROM FOO WHERE BAR=" & userInput

I think I'm gonna have a stroke.
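The concatenated query from the post next to a parameterized version, as an added example that is not part of the original post or the program it describes. It is written in Python with an in-memory SQLite database standing in for the real one; the table contents, function names and inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory table named like the one in the post; the rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE FOO (BAR INTEGER, OWNER TEXT)")
    conn.executemany(
        "INSERT INTO FOO VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def lookup_concatenated(conn, user_input):
    # Same shape as the post's line: the input becomes part of the SQL text,
    # so the database parses whatever the user typed as SQL.
    sql = "SELECT * FROM FOO WHERE BAR=" + user_input
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_input):
    # The SQL text is fixed; the input travels separately as a bound value
    # and is only ever compared against BAR, never parsed as SQL.
    sql = "SELECT * FROM FOO WHERE BAR = ?"
    return conn.execute(sql, (user_input,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: an ordinary id, and an id with extra SQL appended.
    for value in ("2", "2 OR 1=1"):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
```

With the second input the concatenated query returns every row in FOO, while the parameterized one returns nothing because no BAR equals that string.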

Comments
  • 65
    I'm sorry for you, but I find this hilarious. 🤣
  • 67
    - it works on my machine
    - it worked for 10 years, why change it
    - nobody knows, so it's secure
    - he was a dev his whole life, he knows better
  • 16
    vbCrLf & vbCrLf & vbCrLf & mstr_Username

    I work primarily in a decade-old VB.NET codebase and some of the old migrated VB6-era code is nasty.

    The worst is when we get a new dev who's working here as their .NET job. They see that stuff scattered all over certain areas and think it's how they should be writing new features.
  • 6
    some backend call in production that uses dummy-user@domain.com that communicates to another api, upon enforcing password expiration, locks out all users from accessing the app
  • 3
    Honestly, what surprises me the most is the fact that his password didn't expire *at all* 😲
  • 4
    I have no doubt in my mind that I will uncover something exactly like this at my new employer.
  • 2
    '; Drop Table Users -- +
  • 1
    The main site of my company (it's on the Alexa top 100 in my country) is written in VB.NET and it's full of queries like "select * from Table where id="+ urlParameter.
    The worst part is that it's just 4 years old and the other devs think that the previous developer was god.
    Thankfully, I already started to build it again in C# and .NET Core 2 and the boss supports me.