Admin
No they're not. I kept a spare key in my old car so I could let it run unattended in the winter to warm up, while being able to lock the door without carrying 2 keys on me. Someone broke into the car, broke into the glovebox, saw the key and took the car.
Admin
Again with the quote...
No they're not. I kept a spare key in my old car so I could let it run unattended in the winter to warm up, while being able to lock the door without carrying 2 keys on me. Someone broke into the car, broke into the glovebox, saw the key and took the car.
Admin
Of course it's a WTF! If there is any justifiable reason for doing what he did above (note: I'm not suggesting that your explanation in any way justifies it, because it certainly doesn't), then there needs to be a good comment explaining what the hell is going on.
Admin
<sarcasm>Sorry to have ruined your day</sarcasm>
Admin
Not as dumb as it sounds, we have something similar at a place I used to work, commercial product not home grown. In addition to the database connection a bunch of other configuration information was passed back.
It is a communication system design, full video capability, white board, VTC, basically everything communication wise under the sun, so that internal and external people can connect using a single account and allows for multiple areas. What happens is the user runs the application and enters the user ID, password and name of a public database (used the free version of sql server 2000), with a config file user account/password. The software gets the connection information and then disconnects and connects to that communication server and database, the database allows you to search text past communications, stored uploaded files and record videos from the various rooms.
Where the "neat" thing comes in is that you can set up multiple servers for internal users, external users and special events, etc., users can connect with the same information but as far as the servers are concerned they can have unique really strong, unique passwords. We worked with a lot of external users who connected to the external servers in addition to having their own servers, so all you had to do was use the configuration software and it would set up accounts and everything and give you out scripts that could then be sent to the remote server and run and the users would then have access to that server all using their old accounts and passwords. We would also have special events located at remote locations where they would bring a server with the accounts already set up, but they would need to configure the server for the local IP addresses, etc., once the remote server was configured they could send us the information, a quick run of the configuration software and the users could start connecting.
The real benefit was that users did not need to know where the servers were located, if the user forgot their passwords just change the one machine and they were back communicating with machines we had no easy control over and if a remote machine got stolen, who cares, even if they could decrypt the passwords in the database we had already deleted the accounts for the central machine and could have easily configured another machine with the users really not knowing much had happened.
That is a very simplified view of what was done, a lot of other security features not mentioned along with other stuff such as cross platform support. Was it the best way of doing it? Hey, it was 2001 software, but even now for the easy way it worked for the users it would still be hard to beat.
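The two-stage lookup this comment describes, sketched as an added example that is not part of the original post and not the product's code: a central directory checks the one password the user knows and hands back a unique, random per-server account, and deleting the central record cuts off every server at once. The table layout, function names and the use of SQLite and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

def make_directory():
    """Central 'public' database (hypothetical schema): logins plus per-server accounts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        CREATE TABLE grants (login TEXT, server TEXT, host TEXT,
                             svc_user TEXT, svc_secret TEXT,
                             PRIMARY KEY (login, server));
    """)
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(db, login, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (login, salt, _hash(password, salt)))

def grant(db, login, server, host):
    """Create a unique random account for this user on one communication server."""
    secret = secrets.token_urlsafe(32)
    db.execute("INSERT INTO grants VALUES (?, ?, ?, ?, ?)",
               (login, server, host, f"{login}@{server}", secret))
    return secret

def bootstrap(db, login, password, server):
    """Stage 1: verify the user's single password; return stage-2 connection info or None."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE login = ?",
                     (login,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash(password, row[0])):
        return None
    g = db.execute(
        "SELECT host, svc_user, svc_secret FROM grants WHERE login = ? AND server = ?",
        (login, server)).fetchone()
    return None if g is None else dict(zip(("host", "user", "secret"), g))

def revoke(db, login):
    """Delete the central records; no server's credentials can be looked up afterwards."""
    db.execute("DELETE FROM grants WHERE login = ?", (login,))
    db.execute("DELETE FROM users WHERE login = ?", (login,))
```

The per-server secrets never reach the user, so a stolen remote server exposes only accounts that `revoke` has already made unreachable through the directory.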
Admin
Wouldn't do you any good, he always locks it so no one can steal the keys.
Admin
With a few caveats, I think this is perfectly acceptable: Caveat 1: It really selects data and not a literal like the probably censored example given. Caveat 2: The connection strings it selects are from a separate DB.
Ever heard of a pointer to a pointer?
Admin
Happened to a teacher of mine. On his first day.
Captcha: gotcha :-)
Admin
How do you know that they saw the key and took the car? Maybe they just took the car without the key?... Can you say 'insurance fraud'? :)
Admin
I don't understand. I think you must already know the connection string before you can get the connection string? We must OBEY the laws of thermodynamics.
Admin
What if you leave BOTH sets in your car, with the windows wound up to 200% of their maximum height, and the ignition is maybe on?
Admin
It's like when a serial killer is found and his neighbors will think about any possible explanation.
Admin
Buddy, that joke is soooooo yesterday
September 2007!?!?? WTF, how did I get here?
Admin
I knew you'd regret having a car with Windows.
Admin
I knew you'd regret having a car with Windows.
(second try, this time including the quote.)
Admin
it's most likely using an Access database
you must supply a FROM clause, so just "SELECT 'blah'" won't work, hence their use of the users table.
but yeh, they might as well just put the string into a variable
Admin
That goes for all of you who think something is actually being read from the database here.
Admin
At a recent contract job I had to sit through a training session on how to use literals in C++ code. While there were a whole slew of WTFs in the training (unrelated to this discussion), this exact recommendation came up: in a discussion of where to put a specific class of literals, including connection strings, user names and passwords, one of the recommended locations was in the database. The example given in the presentation, however, showed the DATABASE NAME, USER NAME and PASSWORD being moved from source code (admittedly, not a good place to put it) INTO THE DATABASE! The presenter did not seem at all amused when I pointed out the difficulty involved in this example.
Admin
I was laughing the rest of the day. I didn't see the rest of the cartoon, so I don't know if we knew about the villain or not, but it is a pretty silly conceit in the first place that to solve a mystery you get presented with five different characters and it's always one of them.
Admin
I'm really confused - what column is being selected here?
It looks like the sql is selecting a column called:
"driver={SQL Server};user id=<removed>;pwd=<removed>; Network=dbms;server=127.0.0.1;database=<removed>;"
and returning all values from that column as "dbconn". This goes way beyond a coding wtf...
I'm no sql expert, so what am I missing here?
I mean, something like: "select ConnectDetail from Connections where UserID = <removed> as dbconn" would make some sort of sense...
Admin
SELECT 'Hello'
will cause the server to return to you a one-row result set consisting of one column, with the string value 'Hello'.
It's difficult to come up with a rational explanation for this, although some of the WTFers have had a decent try.
Admin
Phew... which just begs the questions:
Why, on God's earth, would any one ever need to do that with SQL? (select a literal value in your code as though it came from a database). Isn't that a WTF of its very own?
Why would they do that here? (ignoring the obvious answer "because if they hadn't done it, it wouldn't be on TDWTF and therefore you couldn't ask the question"). I mean, why not just say "dbconn = <this> + <that> + <whatever>". How does someone rationally decide to take that approach? Do they fly from England to France via Hong Kong?
Admin
When the car was recovered a few weeks later, the key was in the ignition and the ignition wasn't tampered with.
Admin
I do keep a spare key in my car. That way I can keep my non-waterproof remote key and large selection of other keys in the car whilst I take my nice slim, waterproof non-remote car key swimming.
Rich
Admin
I keep a spare too hidden somewhere inside the car.
If you are in a place and time where waiting for a tow-truck (or anybody, really) for help is not the smart thing to do, you can always break a window and use the key to escape.
A side window is cheap, less than $100 or so if you install it yourself. Your health or life is not.
Admin
It's more like keeping the keys of your locker in another locker. So nothing wrong with that, I think.
Admin
I see nothing wrong with pulling the connection string for one DB from another DB. It is actually an elegant solution to implement single-sign-on across different platforms and legacy systems.
Admin
OMFG this must have come from Microsoft Commerce Server. Worst fucking piece of GAH ... grumble
Admin
reminds me of a book, where someone tried to send an encrypted message using the message ITSELF as the code key...which would make it impossible to decode, because you would need to know exactly what the message said in order to decode it...
Admin
I used to work with an application that would do (some) logging in the database. Including an error message when the database wasn't available. Strangely enough, I didn't find a single "Database not found!" log in the logging table...