- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
This may be the first comment, but I predict that some smartass will post "*****" in the few seconds before I hit "submit".
In any case, doesn't this mean that anyone can log in with any password just as long as it has the same number of characters?
Admin
Admin
**************!!1!
Admin
Actually, TDWTF's comment system is pretty clever. If you type your password into the message box, like this "*************", you can still see it, but any other user reading the comments just sees stars. Really! Try it!
//I have to point out: don't actually do this. I pulled the same gag in another forum and somebody actually did fall for it.
Admin
The get method is really misleading. What if their password isn't "hunter2"?
Admin
wuss
Admin
Admin
hmm, good point.
Admin
Admin
0******789
CAPTCHA: ******
Admin
Admin
Yes hangman!
F?
Admin
User.MIN_USER_LENGTH
What is the height requirement to use their system then?
Admin
F*** FF *** F***** *******
Admin
K, C, O, and U.
Admin
Can I buy a U?
Admin
B?
Admin
OK, Wheel of Fortune style:
RSTLN E
F*** FF *** FN *SSLE
Admin
So wait, their business objects return "*******" for the password property? How does calling code work with the real value? Any why the hell is there GUI code (System.Windows.Forms.MessageBox calls) in the business objects? And is that a changed event? Why do you need a changed event if the changed value is a big secret that can't even be exposed to other parts of the code? I guess what I'm asking is, in summary, what on Earth is this steaming pile of crap?! Why create an n-tiered application if you're just going to piss all over the fundamental principles therein?
Admin
Why do they use try/catch around String.Format? Does this really generate exceptions?
Captcha: uxor -- unsigned xor?
Admin
MIN_USER_LENGTH is not the user's height, unless horizontal, if you know what I mean.
Admin
Of course you don't send unvalidated data to a MessageBox. It's expecting button clicks, or maybe the space, tab, or enter key.
Admin
And I buy an O.
Lemme guess the result:
FU** OFF OU FU**** **O
;oP
Admin
Admin
Without commenting on the code itself, I've seen this type of thing before. It wasn't all that uncommon at my previous place of employment. We would get code from an offshore contract that was this bad and would do things like log passwords to text files, and when we cried foul they would "fix" it in a manner eerily similar to this. I'm betting that's exactly what happened here.
Admin
Well said!
Admin
Admin
Well, at least you can tell if the event handler failed: that's the only case where you'd get ****** passed back instead of ********!
Hangman: FUCK OFF YOU FUCKING ASSHOLE! Have I won the car, Vanna?!!
Admin
So really its a Separation of Concerns (SoC) WTF, or is that Single Responsibility Principle (the 'S' in SOLID)?
Admin
On a related note, we had an interesting customer complaint about a password recently. The guy was trying to log in, and sent us a profanity laden email when he couldn't. For reasons known only to my predecessor, passwords are stored in our database in plain text rather than being hashed, so I took a look at this guys password in order to attempt a log in. His password was:
●●●●●●●●●●●
It turns out he'd cut and pasted his favourite password from a web form in his web browser, which had been set to store passwords.
Admin
My horizontal height tends to increase under the influence of beer. Given enough nights of drinking I may yet be allowed into their system.
Admin
You've got mad taunting skillz!
Admin
Unfortunately our system uses plain test passwords too, except this is by design. It turns out people in the motor trade are too fucking retarded to remember a password, even if it's the same as their name, and they call up constantly wanting their password. We tried implementing hashed passwords with two step reset password setup, but their knuckles dragging across the keyboards meant it didn't work. In the end we went back to the original system that makes me cry when ever I look at it. For what it's worth, we don't store anything other than their name, email address and vehicle preferences.
Admin
FUME OFF YOU FUNERAL MERLOCK?
What the hell does that mean? Is a Merlock something like a Grue?
Admin
Admin
Then why not get rid of the name and password requirement and just ask for their email address? Is vehicle preference really such a sensitive bit of information?
Admin
Why does a middle tier project even reference System.Windows.Forms???? That's so much of a WTF that Microsoft added a new feature to Visual Studio 2010 called "Layer Validation" that allows the system to fail builds when stupid things are referenced.
Admin
My guess: it's probably because the name is a "user name" or "screen name" - something that, unlike an email address, doesn't need change when the account holder changes ISP or free email provider.
Admin
smack-dab
Admin
sorry i meant to say: smack-dab and ball-slap
Admin
I wish I could find an off the shelf Java tool or IDE plugin that does that kind of layer validation. Instead, I have a script that looks for imports from JDBC and GUI related packages or JDBC and Servlet (actually a framework abstraction package, but the principle is the same) packages in the same class.
Admin
Admin
This is why you set hard application boundaries so that the DB layer is safely protected in its own jar
Admin
After we are done playing with wheel of fortune, I wonder why (is there ay other type of wonder) there isn't a built in language property (not some lame library) that does password stuff. Given the multitude of times this is REALLY screwed up, it probably wouldn't be a bad idea. Nice and normal.
Then again, given the user population it would be screwed up badly anyway, so it wouldn't matter. Oh, well.
Admin
Close but no car. The 4th word was JOYLESS.
JOYLESS
Admin
That still doesn't explain what a MERLOCK is...
Admin
Apparently you don't live near a GM factory. If you did, you'd know that having a vehicle preference that is NOT GM results in making you a social pariah far worse than if you admitted to being a pedophile or a terroist-sympathizer. If you actually OWN a non-GM car, you are liable to find it routinely vandalized.
Admin
So setting the password to null is okay, is it? Lovely; I'll do that then.
Captcha: esse n. What a Mexican child does for homework.
Admin
Fret iff not finding assmole?