- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
FTFY
/Style Nazi
Admin
Btw, kiddies on some ancient computers, there is not Caps Lock there, they have Meta instead.
-- Furry cows moo and decompress.
Admin
Who cares about the 240 accounts? If they were too dumb to type in their e-Mail they wouldn't log in anyway. And the password or confirmation link the system should have sent didn't arive anyway...
Admin
I dunno about that, just ran it through QA and everything seems to be working properly.
Even re-tried your note as a test case and yep, your claims still return false. Please submit a screenshot of the error or a set of steps to reproduce the problem, and we'll take another look.
Admin
"[email protected]" might be a perfectly valid email address (if there's an MX record for www.anyco.com).
One of my pet peeves is when some lackwit implements a "validation" rule that rejects legitimate entries. Unless you know for sure that something is invalid (and can point to an RFC that supports your position) then you should accept what the user has supplied. Let the user fix it if it's wrong.
Admin
So we made do with what we had.
Today, in my current position, we have dedicated Dev and QA environments for our SQL Servers. But I sometimes deal with other systems not directly under the control of our department, including an Oracle database for which there is no Dev, no QA version. Development is done directly against Production. Fortunately, it's all reporting, no updating. The username by which I connect has read-only access.
Admin
That's no troll. That's the requirements process.
I've done consulting, and without a stringent requirements document the client can keep on going "Oh one more thing..." Without any change in time/budget. It's all about pushback.
Admin
Using an email address as a primary key itself is an WTF.
EmailAddress has an many-to-many relationship with Persons. So you should never use it as an key. One person can have many email addresses, and many people may use the same address.
Sure, it's common to see the relationship forced into one-email-per-account on the web. However, you're still left with the fact that email addresses are changable. This happens even within an business. I'm sure you know of employees who've changed surnames.
If you must use an email address as an login, then make it an secondary key (unique constraint, nonclustered).. Use an surrogate key for the relationships in the database. Then your users can get married/divorced without fear of messing your CMS up.
Admin
Yeah, a safety setting like that would be so hard to bypass:
UPDATE usr SET email = 'nonsense' WHERE 1=1;
DELETE FROM usr WHERE 1=1;
Admin
Ah, yes. "Fortunately, it's all reporting, no updating."
Indeed. Precisely what sort of development environment might this be? And why would any company spend quadzillions on an Oracle installation, and then not hire or train an Oracle DBA? (This is not a theoretical question. A couple of jobs ago, I was tasked with porting a ~2K KLocs C++ Oracle system to SQL Server, just because the client didn't want to pay for an Oracle DBA; even part-time. Paying through their ass for the resultant nonsense was, however, apparently justifiable.)
What you need, my man, is ... rummages through black bag ... ah, yes, I think I have it here -- NO! This is Essence Of Joe, abstracted directly from the adrenal gland! Poor Joe! I must honour his memory, or at least his glands, immediately ... gurk ... Eeek!
Well, what I think you need is either VMWare or some other virtualisation system. I'm sure you think that too.
I wonder if we can get your bosses to agree to this fairly obvious solution?
Failing that, I've got various other glands from Joe that they might want to huff. Apparently he had an unexpressed anal gland. To paraphrase Dan "Potatoe" Quayle, an unexpressed anal gland is a terrible thing to waste.
Admin
I roll out awk on Plan 9 for database.
Admin
Admin
The other point was that that was only part of what this guy did. But allowing this fool access to a "production" database is sheer stupidity.
I'm sure there's a whole bunch of log entries detailing just what else this nitwit did. I will note that the guy looks like he had no clue to syntax and probably kept referring to a book or something from the internet to keep refining the statements.
But what was really bad was not trying to re-enable the constraints after each operation.
It sure would have helped if they had backups too.
I'm hoping there was a piece to the story where the supposed guru didn't get paid.
Admin
Admin
The SQL Guru must have been Barack Obama. CHANGE!
Admin
Admin
WTF was this person working on the production database anyway? WTF did they not review what he was doing? This company deserved to get burned.
Admin
Same here. I don't see what the Control key has to do with anything.
Admin
Silly me, making out of context comments.
Admin
Admin
One-one-thousand, two-one-thousand... Noooo, my grammar nazi is awaking! Make it stop, make it stop!
Admin
Tightly coupling a user account name with their email address is stupid to say the least.
email addresses are not 1:1 with people, they can change and they can expire.
Not having a separate username column was always going to cause problems.
Also, abbreviated column names are horrible, unless you can find consistant rules for abbreviation - which you can't.
Admin
I use MyISAM you insensitive clod.
Admin
Stories like this never leave me satisfied. Did they call the "guru" out on his idiocy? What happened after this?
I want more!
Admin
why would they need one? japanese doesn't have spaces
Admin
that you fail at dictionaries
Admin
Admin
Yeah, I still don't get why they didn't just abandon the consultant's changes and cut their losses.
Admin
Admin
So you have a several-years-old Oracle database... which almost certainly doesn't have ANY of the security patches of the last few years applied... and contains enough fresh, critical business data to sustain a reporting application. Nice. Where did you say you worked again? ;-)
Admin
Because that is what he was hired to do? "Aderrific would bring on a SQL Guru to ... recover the countless invalid email addresses from the data."
I can see it now "Hey guys I fixed all your bad emails in your test database. See ya."
The data in production was bad, it needed to be fixed. How else would it be fixed?
Admin
Why is tightly coupling an email account with a user account a bad thing? Is the company going to give the same email out to multipe people? I know lets give the CEO the same email as the mail guy... I am guessing if the email account expires, the people will as well (at least as far as employment at the company goes)
Someone said using the email as the primary key is bad. I agree but there was no evidence it was used as a primary key. It only said it was KEY information. I'm not sure how not having a separate username column was going to always cause problems. Users can still mistype their username too.
In general I don't understand why email == username is a bad thing. If I want to create an account, and I don't want to share that account with someone then I don't use a shared email. Fairly simple, no?
Admin
I wouldn't just give any random guru off the street direct access to the only copy of my valuable data. Heck, I don't even trust myself messing with production data. Guess that's just me though...
Admin
You're assuming a level of technical sophistication and even interest in using the internet that just isn't there in many cases. I know several couples personally who share an email address, usually of the form [email protected], and I've run into this in my work too.
These are just regular people, not very tech savvy, who use email and surf the web a little, and that's about it. I would be willing to bet that anyone who shares an email address has no interest in having another, and may not even know how to get one.
I do consulting work for an organization whose database and membership website was set up up by a developer who thought using email addresses as usernames was the way to go. Now I get to deal with the fact that there are several members who are married and who share an email address with their spouse, who is also a member.
They are paying good money to belong to this organization, and I don't think it's appropriate for the organization to dictate to them what email address they can use, especially when it's simple enough to ask them to create a unique username when they set up their account in the first place.
Admin
Admin
Admin
So, if you throw "[email protected].", then it will be rejected.
Sigh. Anyone remember sites like ".edu.com"? Or the DNS bugs that turned up when it was registered? Trailing dots are good things.
Admin
As a company, they got what they deserved. They took on a job which they were not qualified for and ended up with an unsatisfied customer.
Now that's exactly what happened to the company they hired that SQL-Guru from...
I like the irony in this!
Admin
The more I read about this, the more I'm NOT convinced that the SQL guru was really just stupid. The log of his activities clearly shows that this wasn't an act of random dumbness. The guy wilfully destroyed their database's integrity! So what if he did it on purpose? What if he worked for Coca-Cola?
Admin
Congratulations, you just found the entire f'ing point of the setting - that you have to bypass it intentionally.
Admin
FRITZ!!
Admin
Admin
You press Shift with your dick? Now, that is really efficient. Will have to try, too. If only I was alone in the office.
Admin
Admin
Admin
Reading comprehension. You need it.
Where did it say they used it as a primary key? The article specifically said it was a field with a unique constraint. I also HIGHLY doubt that it was unchangeable once the account was created. Granted, it wasn't the best way to go about making accounts.
Admin
You shouldn't use an an in places where an an should actually be an a.
Whereas using in in places where an in should be an i...
Nothing is wrong in using an email address as UserID. If somebody likes to use [email protected], why not? You see people can have more than one passport (I have two valid ones from one country, don't ask how and why, just accept it) and more than one SSN. Or do you think that Yahoo, GMail, and all the others should rather use FirstName & " " & LastName as the PKey than the actual email address?
CAPTCHA: nulla, that's what I thought, too.
Admin
Ahm, I think that was actually YOUR fault.
Admin
No backup? WTF?
Admin
Did you use stored procedures?