20
Awlex
17d

Boss: We need to disable CSRF and any other form of security, because that shitty, insignificant client has a website that is abomination anyone's eyes, can't pay because of the iframe thingy.

Me: I'd advice against it. This is a significant security issue that just screams to be exploited and there has to be a solution, but idk much about this situation.

Boss: Idk we need to kiss every clients ass till they come. Remove all the security

Me: *Just wants to get home, last one in the office besides the boss* fine
*removes it, deploys and gets the fuck home*

...2 weeks later

Payment gateway: Yeah, we blocked your account, because someone was trying to purchase 30k product in a span of 1h

I'm not even mad about that, but rather about the fact I fucking called it.

* Achievement unlocked: Targeted by scammers

P.s. no major damages, cause the guys from the payment gate understand shit about security.

Comments
  • 9
    Good on the payment folks.

    When I worked at BIG COMPANY I always made sure to get the 'do stupid shit' in email and etc.... just in case to CYA.
  • 1
    @N00bPancakes Should have done so, but I doubt my boss will use that against me. I dare him
  • 3
    @Awlex Yeah usually if it's that kinda place, you know, big places always good to CYA, but not everywhere.

    I had more than one "hold off on that" after I asked for an email at BIG COMPANY, that's usually pretty telling...
Add Comment