Comments
-
I feel like devrant failed on this one, the image is way too big and the text is cut. #failrant
-
coderme: This is terrible. Frightening. Terribly frightening.
...
So did someone click the button? That's the only way this story could get any better.
-
@Bitwise I KNOW! I've done a bad thing and I feel bad. I've soiled our haven of peace and perfection and now I'm going to go rant on it. In 2 hours. Because I just ranted. Goddammit.
-
@hindsight2020 If you ever wanted to leave that company, be sure to forward the internal site to the public internet, that would yield... interesting... events!
-
@DRSDavidSoft
- downloads ngrok
- creates anonymous account through proxy
- sends ngrok url to a couple hackers
But they all laughed at it SO HARD that they couldn't breathe, and then decided it was not enough of a challenge and they took pity on the poor client.
Obviously this didn't and will never happen but I smile at the thought.
-
@Bitwise I'm happy I helped you discover it! Ngrok is, indeed, a tool to behold. To hell with firewalls, this is how we do this.
Related Rants
I... uhm... I... I can't... I ... I can't even.... THIS IS LIVE IN THE CLIENT'S SITE WHERE ANYONE CAN CREATE A LOGIN WITH NO VERIFICATION WHATSOEVER AND SEE THIS WHICH IS LINKED TO A BIG RED BUTTON THAT RESETS THE WHOLE DATABASE, YOU FUCKING DUMB PIECE OF SHIT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
// This event clears the entire solution in all active clients, truncates the database and also removes any stored PDFs in the server folder
$(document).on('click', '#resetDB', function () {
    // This event only happens if the user correctly enters the password, this is to prevent other users than the admin from performing this action
    var answer = prompt("Please enter the password required to perform this action.");
    if(answer == "-REDACTEDBECAUSEHOLYSHIT-") {
        socket.emit('resetDB');
    } else {
        alert("The password is incorrect, please try again!");
    }
});
AAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!!!111!!1!!11!1!!1!1one!one!!!11
(I'm not inventing this, even though the "site" is internal only and not accessible through the web. That does *not* make it any less stupid!)
rant
about as smart as my chair
"security"
js
webdev
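
Added example, not part of the original rant or the client's code: the check in the snippet above runs in the browser, so the decision belongs in the server-side handler for the resetDB event instead. It assumes a socket.io-style server that attaches a session to each socket at login; makeFakeSocket, the role field, the audit log and the resetDB:denied / resetDB:done reply events are hypothetical names used only so the example runs offline.

```javascript
// Added example. Assumption: the server sets socket.session at login;
// nothing in it is ever taken from what the browser sends.

// Minimal stand-in for a connected socket (hypothetical helper).
function makeFakeSocket(session) {
  const handlers = {};
  const sent = [];
  return {
    session,                        // filled in by the server at login
    sent,                           // replies the server sent to this client
    on(event, fn) { handlers[event] = fn; },
    emit(event, payload) { sent.push({ event, payload }); },
    // The server only ever sees the event itself; a prompt() in page
    // script is not part of what arrives here.
    receive(event, payload) { if (handlers[event]) handlers[event](payload); },
  };
}

// Server-side handler: authorization is decided here, and every attempt is logged.
function registerResetHandler(socket, resetDatabase, auditLog) {
  socket.on('resetDB', () => {
    const user = socket.session && socket.session.user;
    const allowed = Boolean(user) && socket.session.role === 'admin';
    auditLog.push({ event: 'resetDB', user: user || null, allowed });
    if (!allowed) {
      socket.emit('resetDB:denied', { reason: 'not authorized' });
      return;
    }
    resetDatabase();
    socket.emit('resetDB:done', {});
  });
}

// Constructed scenario: a self-registered user, an admin and a socket with
// no session each send the same event.
function runScenario() {
  let resets = 0;
  const auditLog = [];
  const sockets = [
    makeFakeSocket({ user: 'newuser', role: 'user' }),
    makeFakeSocket({ user: 'ops', role: 'admin' }),
    makeFakeSocket(null),
  ];
  for (const s of sockets) {
    registerResetHandler(s, () => { resets += 1; }, auditLog);
    s.receive('resetDB');
  }
  return { resets, auditLog, replies: sockets.map((s) => s.sent[0].event) };
}
```

Only the admin session triggers the reset; the other two attempts are refused and still show up in the audit log.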