Edward Pearson's company needed a comprehensive sales management platform to manage everything from point of sale transactions to past-due letter templates. Because such a system would be far too complex and expensive to develop in-house, they decided to purchase an already-developed product. Finding this application wasn't easy, but after months of searching and evaluating, they found three strong vendors, each with a solid product, a good reputation, and a strong support plan. There was only one problem: they all were expensive (like, $50,000 expensive).

Thankfully, a friend of cousin of a friend of the son of the manager saved the day: his company not only had such a product, but would provide it for *a tenth* of what the "other guys" charged. And how could you not trust the manager's son's friend's cousin's friend?

Surprisingly, the system worked fairly well. It did what it was supposed to (though, not as elegantly), could be administered as required (though, not as extensively), and could be customized (though, not as easily). In fact, the system worked so well that they decided to enable the client-facing interface, a subsystem that gave clients limited self-service.

A few days passed and -- all of a sudden -- the entire system disappeared. Every request to both the internal and external site returned a "404 - Page Not Found" error. Immediately, hackers were suspected: how else could all of the files in the web folder just up and vanish? With the high importance box checked, an email (the only support available) was sent to the vendor, explaining what had happened. A few days later (long after the site was restored from back-up), the vendor replied:

System is hack-proof, could not be deleted by intrudor. Probably, FTP name is open or guessed; suggest, you secure this with strong passwords. Also, maybe acceidental deleted.

A few more days passed and -- all of a sudden -- the system vanished, again. Nothing but 404's and an empty directory. But this time, while they waited for the vendor to reply, they brought in Edward to look at the code and see if he could find anything. After ten straight hours of looking through uncommented code, he found the problem:

function terminate() {
  exec("rm -r /var/public_www/$_SESSION['Tempfile']");

The purpose seemed to be deleting some temporary files created (we can only fathom why it would do that) during the session. Of course, if the user walks away for twenty minutes and returns to the still-open web browser, his session will expire and all of files in public_www will be terminated

General Announcement: If you used the contact form to submit anything to me in the past week or so, I never received it due to spam filters. Feel free to resend.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!