304
linuxxx
7y

"You should use Windows server!"

It was a high security project which needed to run very stable. Even the windows sysadmin looked at that guy like 'dude what the actual fuck'.

Comments
  • 36
    because sharing is caring! spread the word and always remember to share your data :p
  • 3
    Well maybe it's a .Net project?
  • 13
    @xotu sorry but for a high security project windows is a no go for me! (and dot net core runs on linux as well now)
  • 4
    @linuxxx you gotta be aware from DotNet Core, in v1.x I read there are security risks in ASP.Net core, didn't read if they were fixed in v2 release, but better hold off for a while on projects where security is a must and you cannot afford any risks
  • 5
    @xotu It was PHP/Node though :)
  • 5
    @linuxxx The Windows sysadmin is the same one from a previous rant?
  • 2
    @gitpush what security risks? That's vague and a half lol
  • 1
  • 2
    @gitpush it's been fixed for a bit now. 2.0 is officially out now, this was fixed in patches for 1.0 and 1.1. No need to act like that is still a thing.
  • 6
    Mh stackoverflow use Windows. Is it really that bad?

    https://meta.stackexchange.com/ques...
  • 4
    Why does windows still come in consideration?

    *Facepalm*
    *BIG sigh*
  • 1
    @Qaldim Think So yeah!
  • 0
    @linuxxx wait I thought you gave this advice jokingly one time and then the other guy said no way.
    Lol I'm sure it was probably another instance, you seem like the type of dude to dabble with all kinds of servers day and night 😅
  • 0
    Windows Server is actually locked down nicely, it's usually user error that allows me to get a foothold during an engagement.
  • 2
    @linuxxx the fact that they thought a PHP/node app could be secure or stable is hilarious, period.
  • 1
    @er1n If you program using safe practices, I don't see why it couldn't be secure?
  • 0
    @linuxxx that's true, but I don't have much faith in this place given your post
  • 4
    @er1n May I add that I was the person who was going to develop the backend and suggested PHP/Node? :)
  • 1
    @er1n Oh and the place was awesome, that intern was just an ass.
  • 0
    @linuxxx oh, I'm just generally leery of anything that touches PHP at this point, after working on some codebases that had such lovely features as "unsalted md5 for password hashes", "evaling cookies to maintain state", and "dumping arrays to text files as a database"
  • 3
    @er1n😲😷 that''s just bad code/security practice in general 😩
  • 1
    @er1n hmm, how does one even dump an array to a text file, I wanted to do that s while back but ended up json encoding it instead.

    For the record, I wanted to dump lt, so I could copy paste the content into a repository.
  • 0
    @lotd most primitive arrays could be turned into a CSV file, right?
  • 0
    @iam13islucky yes, but then it's not an array dumped to a file.
    Afaik at least.

    The whole point for me dumping an array to file was to easily copy paste some stuff :p
  • 0
    @lotd ah. I don't know how well dumping the memory contents would work, but I see where you are coming from
  • 2
    @er1n we had plain text passwords in a Perl application (authentication service) I actually had to fight over it with the senior Dev to fix that crap in the new version. Doesn't make Perl a bad language though (has plenty of other traits for that 😂).

    Storing data (array) in PHP files is actually not be such a bad idea. With opcache this is the fastest way to read data in a PHP app. Not so great if it needs a lot of updates though.
  • 0
    @babeman Using PHP for the website and node for the general application :)
Add Comment