Admin
Good ol' Monty. Always trust designers with server access!
Admin
The an article doesn't make clear the an difference between the an admin and the an manager. Was it the an Jim's manager who deployed his module, or the an super-admin? And what did this have to do with the an Customization Panel?
Also, the an first.
Admin
I guess TRWTF is believing that Wordpress offers any real form of security.
Admin
Also, drat, too slow and not the an first.
Admin
So, had Jim actually changed something about the test order that prevented Jim's manager from deleting it?
Admin
Oh this manager sounds like a real treat. I tried something and it didn't work, so the developer must have screwed something up! I know, let's remove their permissions so they can't screw things up, but also can't do their job!
Admin
Yeah man, the grammar is like hell in this article. WTF???
Admin
It's all about perceptions. Yes, if you say, "hey man I can totally screw this place already," yeah, that isn't the message you want to send. It's not necessarily a bad idea to point out weaknesses in policy and controls, however. You should say something like
"Oh, I did not realize we did not want development staff to have permissions to deploy modules on the production server; I had guessed we had those so that we could assist operations if the need arose. I can see how that is a sensible control, though. The problem is in the current configuration it's not effective because X, Y, Z. We should get that fixed so there can be proper accountability."
And in truth you do want that. I have worked in places where I have ASKED for my own permissions to be reduced. Mostly because I did not fully trust the admin staff, and wanted to be sure I would be blameless when things did go wrong. It's a good thing when the finger pointing starts to be able to say "wasn't me, I am not normally allowed to even log in, but if you want to throw me in the wheel group for the evening I'll help troubleshoot; you all can figure out who broke it later."
Admin
One more option: Send out resumes now and run as quickly as possible from that dysfunctional company.
Captcha: bene - good good.
Admin
"Proper user permissions are hard. Let's take away access until people can't do their jobs and complain." - every company everywhere.
Admin
"The administrator had only restricted Jim without actually increasing the manager's capability."
One WTF perhaps, but many more prevented...
Admin
I am failing to understand who "Sophie" is in this story?
Admin
That is the only way they can NOT do any harm.
Admin
you are being silly if you are focused on spice and not the meat of the story.
Admin
Plus 1.
If the manager can't delete a test order, then there is a bug in the system. Probably, users can't delete their orders either. This should have resulted in a ticket being issued, and someone (Jim?) fixing the problem.
If the manager can't simply ask Jim -- Hey Jim, did you deploy something yesterday? I can't delete a test order -- then there is something even more fundamentally wrong in this company than access permissions.
Admin
I always ask for read-only access to production databases; that way I can't accidentally modify data. Sometimes it's frustrating; but it's much better for my career.
Being able to directly modify production environments is a recipe for having your name appear in a front-page article on TDWTF.
Admin
Thanks for that ex-plantation.
Admin
Years ago, I knew a woman who worked on payroll systems for a rather large company. Everything she did was supposed to be on a test payroll system but somehow she apparently had full access to the live payroll system as well.
After a year or so, she was fired for hacking into the live payroll system. My guess is that she logged into the live system when she should have logged into the test system.
Admin
I was working at an international firm...
And someone became concerned that developer read-only access to server production log files could be a security problem, for reasons they could not describe, and revoked access to the web interface that let us list and download the log files.
It wasn't long before we pointed out that we couldn't help them resolve their production problems without being able to see log file contents.
So they granted us FTP access to the servers.
Read-write FTP access. To the Unix root directories. Of all the production servers. Oh, and plain text database passwords were stored in configuration files... So all the production database passwords were exposed too.
As far as I know, it's still that way, to this day.
Admin
My preference is for users not to be able to delete anything important but to leave an auditable trail by marking it as to be ignored. I would be more likely to cancel the order along with the date, who, and the reason for the cancellation.
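One way to implement the cancel-instead-of-delete pattern this comment describes, as an added example that is not part of the thread or the original article. The schema, the trigger, the active_orders view and the sample order are all constructed here for illustration: a DELETE is refused by the database itself, and a cancellation must record who, when and why.

```python
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE orders (
    id            INTEGER PRIMARY KEY,
    customer      TEXT NOT NULL,
    total_cents   INTEGER NOT NULL,
    cancelled_at  TEXT,   -- NULL while the order is live
    cancelled_by  TEXT,
    cancel_reason TEXT
);
-- Hard deletes are refused by the database itself, whatever the caller's role.
CREATE TRIGGER orders_no_delete BEFORE DELETE ON orders
BEGIN
    SELECT RAISE(ABORT, 'orders are cancelled, never deleted');
END;
-- Application code reads this view, so cancelled orders simply drop out of sight.
CREATE VIEW active_orders AS SELECT * FROM orders WHERE cancelled_at IS NULL;
"""

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def cancel_order(conn, order_id, who, reason) -> bool:
    """Mark the order cancelled (row kept as the audit record); False if missing or already cancelled."""
    if not reason.strip():
        raise ValueError("a reason is required for the audit trail")
    cur = conn.execute(
        "UPDATE orders SET cancelled_at = ?, cancelled_by = ?, cancel_reason = ? "
        "WHERE id = ? AND cancelled_at IS NULL",
        (datetime.now(timezone.utc).isoformat(), who, reason, order_id))
    return cur.rowcount == 1

def demo() -> dict:
    """Constructed walk-through: one test order, cancelled by a manager."""
    conn = open_db()
    conn.execute("INSERT INTO orders VALUES (1, 'test customer', 100, NULL, NULL, NULL)")
    first = cancel_order(conn, 1, "manager", "test order, not a real sale")
    second = cancel_order(conn, 1, "manager", "trying again")   # already cancelled
    live = conn.execute("SELECT COUNT(*) FROM active_orders").fetchone()[0]
    audit = conn.execute("SELECT cancelled_by, cancel_reason FROM orders WHERE id = 1").fetchone()
    try:                    # a direct DELETE is still refused by the trigger
        conn.execute("DELETE FROM orders WHERE id = 1")
        refused = False
    except sqlite3.IntegrityError:
        refused = True
    return {"first": first, "second": second, "live": live, "audit": audit, "delete_refused": refused}
```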
Admin
Off topic, but am I the only one who thinks Weird Al should have called the new album "Mandatory Fun Day"?
Admin
The amount of incomplete sentence fragments. Is driving me. Absolutely. Cr. Az. Y.
Admin
A few years ago, I worked for a company that had an Admin interface to manage users, clients and configuration settings of a large healthcare portal. Almost every developer, including several Indian contractors, had access to the production admin site that exposed names, addresses, date of birth, SS# and more of over 5 million people.
At least 8 months after being downsized in favor of more offshore contractors, I could still log in to the Admin site. I may or may not have changed the answer to one of the FAQs:
Q: Is my private health information secure? A: No, not at all.
Admin
Agree.
Admin
Dear Bruce Johnson,
The word for un-fired clay is "clay". Once you fire it, it's ceramic.
Admin
Uh-huh. And good luck finding a company with a less dysfunctional security ruleset.
Admin
In which case, do NOT take a job on the bridge of NCC-1701.
Admin
I added the spice later.
Admin
I cannot BNF :(
Admin
Release management seems to be an afterthought at most companies, if even considered at all.
Admin
Besides the typos already noted, there's a small WTF with the sequence of tenses in some sentences.
Proofreading much?
Admin
I wish I could release my management.
Admin
You are being silly if you are focused on the meat and not the dahl.
Admin
Dahl= Branch of Tree! Dal = Lentil in food!
Now who is being silly? The only time to focus on dhal is to check its strength before attempting to pluck raw mangoes.
Admin
Almost all of these security things have to do with one of two problems.
The problem is that managers can't tell that #1 and #2 have the same results.
Admin
http://en.wikipedia.org/wiki/Dahl
If I am wrong, I am in good company. Wikipedia says that both spellings are correct for lentils in food.
Admin
TRW(an)TF is using Wordpress for anything business-critical.
Admin
Years ago, one of our minicomputer customers was PARANOID about security. He had the only admin account. We worked mostly offsite on separate machines. He'd enable our accounts when we showed up to install software, and disable them when we left. There were no dial-in lines or internet, so it did seem that to augment physical security with account security was a bit much. But that was his "thing." ;->
But... There was one terminal port, which we trained them to use weekly -- to back up the system. It had admin access, without requiring any login process at all. We often used it, when there, to bypass all security protections.
To the best of my knowledge, Mr. Paranoid Customer never did "put two and two together" about the backup process having access to everything, with no security, and, well... No Security. Well, we were a bit too "busy" to explain it to him in detail. >;->
Admin
Seasoned professionals? Meat and spice? What is really going on here?
Admin
Shouldn't sysadmins be doing the deployment?
Admin
I had the Jim recently completely permissions reduced. I assure you, it was an laughing matter.
Admin
Clearly.
Admin
[* Intentionally half true and half sarcastic, to fight cultural misfire with cultural misfire.]