Are you sure this is not an OWASP "don't do this shit" demo?
ars178133d: This exists? In a production environment?
@magicMirror nope, this is sadly real. Some new guy managed to convince management that the old service was shit and that he could rewrite all the functionality in no time.
All other devs are bashing it, but management is convinced that we are just jealous because the service is so much faster (which it isn't).
We have shown on different occasions how easy it is to «hack» into the service. The creator says that is OK since it is not finished. But then they launched the service without fixing any of it.
stop634233d: @runardev can you agree with the management to have a live demonstration on the prod system where you manipulate the data of the person who wrote it?
My plan for a perfect event would be this:
1. He verifies that the system is untampered.
2. You log in as the unprotected admin and talk through what you are doing, like in a YouTube let's play of a game.
3. Ask one of the management to log in via the unprotected admin to change things he wants to change.
I recommend that if it's possible to use it from the internet, you use a PC that only has access to the internet.
And make a backup before this.
Fast-Nop3522933d: If this thing processes customer data and you live within an area where the GDPR holds, you should alert management that they are setting the company up for hefty GDPR fines.
extensible by default by any customer. I like it.