• Client Certificate? (unregistered)

    Would be my first approach, but then, I'm just a PHP drone ;-P

  • (cs)

    Thread over in one post. Client certificate for the win.

  • (cs)

    Darn, I was going to say that!

  • 1234 (unregistered)

    Well, at least they are ready for a second user to access the system...

  • (cs)

    Apparently someone never heard of SAML.

  • Captain Obvious (unregistered)

    ssl client certificates anyone?

  • (cs)

    ...so the mechanical beings of the machine-planet built all-this just so v-ger could complete its mission... wait...

  • Anonymous (unregistered)

    I hope she was worth it.

  • My Name Is Missing (unregistered)

    I've been in his exact shoes. A salesman for the company I worked for once told me "my job is to lie to customers and your job is to make me look good."

  • Anon (unregistered)

    This WTF actually had a punch line! WTF!

  • (cs)

    So one person at the client holds enough sway to force a gross misuse of funds and resources, all so she doesn't have to remember another username and password.

    I wish I could call shenanigans on this, but it's entirely too believable.

  • (cs)

    Sales people, together with customers, will be the first ones up against the wall when the revolution comes!

  • (cs)

    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!

  • Ernie (unregistered)

    And noooo one bothered to ask at any point "how many clients would need to be logged in at once?" for session reasons? Or for failover? Or for any other countless reasons?

    I feel this issue would have come up at one point or another.

  • Kneecaps (unregistered)

    No wonder our health care costs are skyrocketing.

  • (cs) in reply to Justice
    Justice:
    I wish I could call shenanigans on this, but it's entirely too believable.
    Agreed. It's even possible that the one person at the customer wasn't actually officially responsible, but instead was just someone in an administrative position that was determined to dig their heels in. The stupid thing is that there wasn't some kind of existing single-sign-on structure already in place on the customer side that could have just been leveraged. Or maybe there was but some admin (probably on the customer side too) decided they didn't want to support it. As it is, too many on the customer side seem to think that the best technique involves thought transfer and pixie dust.
  • schmitter (unregistered)

    I think I just threw up in my mouth a little.

  • (cs) in reply to Zolcos
    Zolcos:
    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!
    Shhh! Don't tell them all our secrets!
  • (cs)

    It's not like they didn't pay for it. Money is money.

  • Ferdinand (unregistered)

    and the obvious solution would have been:

    tape the password to the screen

  • Steve the Cynic (unregistered)

    Passing comment: Gerald was asked to implement a solution that had already been decided, rather than to select a solution for a problem. OK, this happens sometimes. It appears, though, that the solution had been selected by the salesdoofus or the client, more likely both together, based on technical ignorance. This, too, happens sometimes.

    Gerald then raised the level of WTF by applying his own ignorance (to be charitable, perhaps we could call it "gaps in his knowledge", but I'm not in a charitable mood today) and setting the tone by beginning with "It's impossible". No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)

    As the very first poster pointed out, client certificates are the correct solution to this problem. As it stands, in two years' time, nobody at the client will remember how the authentication works, and will turn off the local token server, or renumber the network, or give the recalcitrant idiot user a new machine so its DHCP-granted IP address changes. Then the RIU will not be able to connect, and that's the end of that.

  • Anthony (unregistered) in reply to Zolcos
    Zolcos:
    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!
    Well, what got me, is the header was generated at the firewall. So even if someone internally faked the header, wouldn't it be overwritten? And if they faked it from outside of the firewall, couldn't you just check the source IP and see it wasn't from their secure network?
  • UK Guy (unregistered) in reply to Kneecaps
    Kneecaps:
    No wonder our health care costs are skyrocketing.

    Pfft dirty socialist National Health Service FTW

  • Marcus Brito (unregistered) in reply to Zolcos

    Not to mention source IP is easily spoofable or hijackable, and anyone could pose as the Single Sign One.

    Also, +1 to client certificates. It's the only real secure solution not involving passwords once Kerberos was ruled out.

  • Major Blud (unregistered) in reply to Ernie

    I'm sure it did....but why should that make any impact on anything, it's a sale!

  • Your IP here (unregistered) in reply to Anthony
    Anthony:
    Zolcos:
    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!
    Well, what got me, is the header was generated at the firewall. So even if someone internally faked the header, wouldn't it be overwritten? And if they faked it from outside of the firewall, couldn't you just check the source IP and see it wasn't from their secure network?
    Because it's totally impossible to spoof the source IP address /sarcasm
  • (cs) in reply to Justice
    Justice:
    So one person at the client holds enough sway to force a gross misuse of funds and resources, all so she doesn't have to remember another username and password.
    Am I the only person that read the bit about remembering logins/passwords and immediately thought, "Uh, Keepass?"

    Who actually bothers trying to remember all this crap anymore? Way too many logins and sites.

    And yeah, there's client certificates, SAML, OpenID... but if the only problem is that she can't remember her passwords, why not go for the solution that costs precisely nothing to implement?

  • Ken B (unregistered)

    So, how big was the sale?

    Of course, if they lost money on it, it's Gerald's fault for not being a team player. :-)

  • the beholder (unregistered) in reply to My Name Is Missing
    My Name Is Missing:
    I've been in his exact shoes. A salesman for the company I worked for once told me "my job is to lie to customers and your job is to make me look good."
    One place I once worked at was a company that created a sort of device to attach to trucks and forklifts, and it would log all their activities: current speed, gear, the time it was turned on and off, and whatnot. I'm sure there must be a simple name for this device, but I have no idea what it would be in English.

    Yeah, it was some sort of embedded platform, but there was a filesystem. Anyway, this is not the point here. The important thing is that the device would store info until it approached a RF base-station, when it would then handshake and transmit everything stored in its memory to the "server".

    WTFs piled up in that place, like the lack of ANY CVS at all (a story for another day.) But one day my boss called me and told me that we had closed a deal with a new customer. They had been promised that our devices could be used to track their trucks in real-time. And the funny part is that who promised it was no other than the company owner that didn't have a clue on technical stuff.

    He backed off when his brother and business partner told him it was impossible for such a small company as theirs, but I surely wanted to attend the reunion where he told it to the customer. And I always wondered how he would suggest us to create our own GPS. Maybe we should start by launching our own satellite?

  • (cs) in reply to Your IP here
    Your IP here:
    Anthony:
    Zolcos:
    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!
    Well, what got me, is the header was generated at the firewall. So even if someone internally faked the header, wouldn't it be overwritten? And if they faked it from outside of the firewall, couldn't you just check the source IP and see it wasn't from their secure network?
    Because it's totally impossible to spoof the source IP address /sarcasm
    Unless you want a response to your request.
  • Frz (unregistered) in reply to Your IP here
    Your IP here:
    Because it's totally impossible to spoof the source IP address /sarcasm

    While it might be possible to get a single TCP Packet through with a spoofed IP it becomes next to impossible when challenging the client i.e.

    • Request -- Challenge -- Send Challenge back

    Done - nearly unspoofable... That is unless you have hardware access to any router/wire in between the two endpoints...
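
Added example (not part of the comment above or of the original thread): a toy simulation of the request / challenge / echo exchange, showing that a sender who forges the source address never receives the challenge, while anyone sitting on the path does. The `Network` and `Server` classes and the address are constructed for illustration.

```python
import secrets

class Network:
    """Constructed toy network: a packet reaches the owner of the destination
    address, plus any on-path tap watching that address."""
    def __init__(self):
        self.inbox = {}   # address -> payloads received by its real owner
        self.taps = {}    # address -> inboxes of on-path observers

    def deliver(self, dst, payload):
        self.inbox.setdefault(dst, []).append(payload)
        for tap in self.taps.get(dst, []):
            tap.append(payload)

class Server:
    def __init__(self, net):
        self.net = net
        self.pending = {}  # claimed source address -> outstanding challenge

    def request(self, claimed_src):
        # The challenge is sent to the *claimed* address, not the real sender.
        nonce = secrets.token_hex(16)
        self.pending[claimed_src] = nonce
        self.net.deliver(claimed_src, nonce)

    def answer(self, claimed_src, echoed):
        # Each challenge is single-use: it is discarded after one attempt.
        expected = self.pending.pop(claimed_src, None)
        return expected is not None and secrets.compare_digest(expected, echoed)

def honest_client(server, net, addr):
    server.request(addr)
    return server.answer(addr, net.inbox[addr][-1])  # echoes what it received

def blind_spoofer(server, victim_addr):
    server.request(victim_addr)  # forged source; the reply goes to the victim
    return server.answer(victim_addr, secrets.token_hex(16))  # can only guess

def on_path_spoofer(server, net, victim_addr):
    seen = []
    net.taps.setdefault(victim_addr, []).append(seen)  # access to the wire
    server.request(victim_addr)
    return server.answer(victim_addr, seen[-1])  # read the challenge in transit

if __name__ == "__main__":
    net = Network(); srv = Server(net); addr = "192.0.2.10"  # constructed address
    print("honest client :", honest_client(srv, net, addr))
    print("blind spoofer :", blind_spoofer(srv, addr))
    print("on-path       :", on_path_spoofer(srv, net, addr))
```

The on-path case passing is the caveat raised in the comment itself: the echo proves reachability at an address, not who the user is.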

  • (cs) in reply to Steve the Cynic

    Good sir, while I was first on Gerald's side, your view (plus first poster/client certificates etc.) has furthered my understanding and has gotten me to ask the right questions. Did not volume of users come up in any discussions? Was no client certification google'd? "Impossible" is not an acceptable answer, especially when you know you're about to implement a solution come up by a non-technical side of the business.

    Half the reason I visit this place is to discover these kinds of decision pitfalls, avoid them and better myself and the industry. Or at least try to be less guilty.

  • Your IP here (unregistered) in reply to Frz
    Frz:
    Your IP here:
    Because it's totally impossible to spoof the source IP address /sarcasm

    While it might be possible to get a single TCP Packet through with a spoofed IP it becomes next to impossible when challenging the client i.e.

    • Request -- Challenge -- Send Challenge back

    Done - nearly unspoofable... That is unless you have hardware access to any router/wire in between the two endpoints...

    I was thinking specifically of MITM/IP Hijacking when I said that. Which, I'll grant you, are relatively sophisticated attacks, and unlikely risks for obscure, low-value traffic.

    Which is why you use client certificates, as has been noted, because they can protect against MITM when used properly.

  • sirlewk (unregistered) in reply to Frz
    Frz:
    That is unless you have hardware access to any router/wire in between the two endpoints...

    Which you have to assume is the case. We are talking about medical data here, ACTUAL security matters.

  • SR (unregistered) in reply to UK Guy
    UK Guy:
    Kneecaps:
    No wonder our health care costs are skyrocketing.

    Pfft dirty socialist National Health Service FTW

    I think in a statement like the grandparent post, the "our" could easily refer to us as a species.

  • Quirkafleeg (unregistered)

    IPv6.

  • (cs) in reply to Steve the Cynic
    Steve the Cynic:
    Code is the most flexible and adaptable construction material known to man.

    Nope. Lego is. Or maybe plasticine.

  • Fred (unregistered)

    ./RemoteSlap --ExtraStrength --ExtraFast 10.1.23.97

    Hum... that would be delightful.

  • pete (unregistered)

    Did the sale actually make money? With 3 weeks programming, 2 QA testing countless meetings and the cost of the hardware?

    I bet the salesman still got his bonus for it.

  • (cs) in reply to Fred
    Fred:
    ./RemoteSlap --ExtraStrength --ExtraFast 10.1.23.97

    Hum... that would be delightful.

    $ lart --help
    Usage: lart [-w|--weapon weapon] [-h|--help] 
    weapons: cluebyfour (default) sockwithcoinsinit thermonucleardevice (requires root privileges)
  • EatenByAGrue (unregistered) in reply to UK Guy
    UK Guy:
    Kneecaps:
    No wonder our health care costs are skyrocketing.

    Pfft dirty socialist National Health Service FTW

    Haven't you heard? If Stephen Hawking were under the British NHS, he'd never have been allowed to live! (Yes, this argument was made seriously and defended here in the US.)

  • Quirkafleeg (unregistered) in reply to Zolcos
    Zolcos:
    They didn't like the idea of relying on headers, because headers can be faked. But they're cool with relying on cookies?!
    A strong # applied to well-chosen text would help, along with an encrypted connection.
  • bbot (unregistered)

    Wow.

    Wow wow wow wow wow.

    I've never commented before, but this inspired me to speak up.

  • (cs) in reply to java.lang.Chris;
    java.lang.Chris;:
    Steve the Cynic:
    Code is the most flexible and adaptable construction material known to man.

    Nope. Lego is. Or maybe plasticine.

    Pffffffft. Meccano.

  • (cs)

    So, just to be sure I understand this:

    A person who is too dumb or lazy to remember one f*cking password is entrusted with patients' health care records ?

    and/or

    A person who is too bloody-minded to logon presumably wouldn't have a login for her PC either - so switching it on would give anyone access to the application ?

    WTF!

  • Quirkafleeg (unregistered) in reply to Quirkafleeg
    Me:
    IPv6.
    … except for the fact that, once again, it identifies only the network interface (spoofable) and not the user.

    On the up-side, NAT isn't an issue. All who've said to use the likes of SSL certificates, I'm agreeing.

  • GedoonS (unregistered)

    The correct solution for this problem would've been a label maker, with which you type the user's username and password and tape it to the monitor. Problem solved.

  • (cs) in reply to java.lang.Chris;
    java.lang.Chris;:
    $ lart --help
    Usage: lart [-w|--weapon weapon] [-h|--help] 
    weapons: cluebyfour (default) sockwithcoinsinit thermonucleardevice (requires root privileges)
    That last note is redundant. Anyone who would use a lart would have root privs anyway (or could get them in moments).
  • SkittlesAreYum (unregistered)

    It took three solid weeks of development time, two weeks of QA testing, several thousand dollars in new hardware, and tens of thousands of dollars for an external HIPAA assessment

    So, I work for a product development company, and five weeks of work (unless we're talking something like 5+ developers) is nothing. A tiny project. And several thousand dollars in hardware? That pales in comparison to the labor costs. Now, I know that IS a lot of money for one person to be able to log in without a login, but I got the impression the writer thinks that's a lot of money to spend in general. It's not.

  • PITA (unregistered)

    My laptop has a fingerprint scanner - can't I use that to log on to the system? No, someone may chop your fingers off and steal your password!
