C'mon, There's Nothing Wrong With That!

Johannes Nordh's employer was going through big changes. They had a new image, new managers, and most importantly, a new vision statement. They also decided that they would need a fresh team of "highly talented" software developers to help realize the company's goals.

While reviewing some of the new code developed, Johannes brought up a bit of a security hole he found. At my last place we always did this all the time, the new expert responded, it's a heck of a lot easier to fix problems if they ever lose the password; c'mon, there's nothing wrong with that! ...

authTicket = identMgmt.GetAuthenticationTicket(username, password);
if (authTicket == null)
{
  if (request.getParameter("backdoor") != null
      && request.getParameter("backdoor").equals("secret"))
  {
    authTicket = AuthenticationTicket.CreateFromTemplate("sysadmin");
    authTicket.Username = username;
    authTicket.FullName = "System Administrator";
  }
  else
  {
    throw new AuthorizationException();
  }
}

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!