David E. and his peers were pirates in the pioneering days of the wide open seas of the internet, back in 1998. Their small group consisted of a few just-out-of-college adventurers and one slightly more seasoned manager. They sailed by the seat of their pants while writing a new product for their company. It was like sailing over the ocean, looking for something, but not knowing what...

The application they had cooked up looked promising, but the initial roll-out went... badly. It performed fine when they tested it-- but when clients started hitting it all at once, it choked. They felt as though they were locked in a pillory, and gleefully mocked by David's boss's arch nemesis-- let's call him Ahab. Ahab swaggered into the review and ripped at their design, convinced it would never work, all the while touting his own example. David's team had to concede that he was right, and re-factored a lot of their code. After all, Ahab was The Man!

For the next year or so, Ahab was untouchable. He barked orders and his minions scurried hither and yon, obeying for fear of who-knows-what.

Ahab's group maintained a whale of a publish/subscribe system that delivered files around the company. David needed a file that was going to be published so they could put it on their website. His boss set up a subscription, and tested it, and it worked great.

Unfortunately, the best laid plans can so often get waylaid by the most ridiculous things.

David's team pushed the system ahead into their staging area, and it failed. Miserably. It gave them a mangled file. Why? They couldn't figure it out-- the file simply was shorter than it should have been when it arrived. Eventually, they deduced what had happened. When his boss tested it, he published the file on a UNIX system, and received it on a UNIX system. But in staging, it was published on Windows. Ahab's wonderful subscription system was converting Windows-style newlines into UNIX-style newlines and corrupting the file. Ooooookay.

For reasons David could not understand, this error had never arisen before. To fix it, Ahab commanded his group to add a new parameter to the subscriptions: "conversion type". You could choose from "No conversion" or "Binary conversion". Obviously, "No conversion" meant "we'll convert the newlines for you" and "Binary conversion" meant "we won't convert anything". Yes, you read that correctly.

Well, that's all well and good. But now they had to modify their subscription to use the new "binary" setting. David signed on to Ahab's wonderful web-based interface to modify the subscription settings, and quickly realized that his account wasn't allowed to modify the publication. Each subscription had a list of "approved editors"-- and the only person allowed to approve their subscription was his boss, who happened to be on vacation.

David was stuck until his boss came back. ... Or was he? David knew some of his boss's passwords (they were renegades, remember?). Maybe his password on this system was the same? Could he slay the beast? He took a shot, but no luck.

Then David got adventurous. He logged in as himself, and attempted to understand how they set up their logins. It was cookie-based-- he wasn't even sure what he thought he'd be able to do. But to his surprise, the cookie they used for authentication was ... his username. Well, ok, technically, they encoded his username. How, you might ask? Something wizardly like rot13? Or a clever bit of mathematical transformation?

Nope. It was his username... backwards.

Could it be that simple? Could he fake up a cookie with his boss's username-- backwards, and get logged in? Yes. Yes he could. He got in, changed the subscription, and logged out. Nobody ever found out what David had done. Well, ok, admittedly, when his boss came back he told him the story.

But nobody was ever able to convince Ahab to change.
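For readers who want to see why the backwards-username cookie could never work as authentication, here is an added example (not code from Ahab's system or from the original story) that puts that scheme next to a cookie carrying an HMAC tag made with a key only the server holds. The function names, the usernames "david" and "boss", and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed key for this example; a real service loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)


def weak_issue(username: str) -> str:
    """The scheme from the story: the cookie is the username reversed."""
    return username[::-1]


def weak_verify(cookie: str) -> str:
    """Reversing needs no secret, so every cookie maps to some 'valid' user."""
    return cookie[::-1]


def signed_issue(username: str, key: bytes = SERVER_KEY) -> str:
    """Cookie = username + '.' + HMAC-SHA256 tag over the username."""
    tag = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{tag}"


def signed_verify(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the username only when the tag matches, otherwise None."""
    username, sep, tag = cookie.rpartition(".")
    if not sep or not username:
        return None  # no tag present at all
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; non-ASCII input is rejected, not raised.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return username
    return None


def demo() -> dict:
    davids_cookie = signed_issue("david")
    # A tag issued for one name does not verify for a different name.
    swapped = "boss." + davids_cookie.rpartition(".")[2]
    return {
        "weak_accepts_unissued_cookie": weak_verify("boss"[::-1]) == "boss",
        "signed_accepts_issued_cookie": signed_verify(davids_cookie) == "david",
        "signed_rejects_swapped_name": signed_verify(swapped) is None,
        "signed_rejects_untagged": signed_verify("ssob") is None,
    }
```

The example is narrowed to integrity of the identity claim; it leaves out expiry, logout and transport flags such as Secure and HttpOnly, which a real session cookie also needs.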
