61
linuxxx
4y

Especially painful being a cybersecurity engineer;

Did something wrong with an if-statement.

Caused authentication to break completely; anyone could login as any user.

Was fixed veeeeeeery quickly 😅 (yes, was already live)

Comments
  • 3
    Nice!

    assume drop on all logins, unless sucessful
  • 5
    Code path splits are always something to fear for their immense "lurking bug to be found ten years in the future" potential.

    I often write code wich deliberately executes statements in all cases wich might also have been gated by a condition check.
    That often even makes the code less performent on average. But the increased likelihood of finding critical bugs early on is worth it for me.
  • 2
    No tests?
  • 0
    My heart was racing throughout the entire thing
  • 0
    @ArtOfBBQ for a personal project I doubt there will be tests ...

    Though I'm curious to know what was that bug and how simple was it to find it and exploit
  • 1
    @pxeger Beat me to it! I was going to post a link to that one...
  • 2
    @gitpush I don't recall except for the details I've given and no tests indeed, personal project
  • 2
    And this is why we do feature flags. We can turn that shit off fast when we need to.
Add Comment