- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Would be my first approach, but then, I'm just a PHP drone ;-P
Admin
Thread over in one post. Client certificate for the win.
Admin
Darn, I was going to say that!
Admin
Well, at least they are ready for a second user to access the system...
Admin
Apparently someone never heard of SAML.
Admin
ssl client certificates anyone?
Admin
...so the mechanical beings of the machine-planet built all-this just so v-ger could complete its mission... wait...
Admin
I hope she was worth it.
Admin
I've been in his exact shoes. A salesman for the company I worked for once told me "my job is to lie to customers and your job is to make me look good."
Admin
This WTF actually had a punch line! WTF!
Admin
So one person at the client holds enough sway to force a gross misuse of funds and resources, all so she doesn't have to remember another username and password.
I wish I could call shenanigans on this, but it's entirely too believable.
Admin
Sales people, together with customers, will be the first ones up against the wall when the revolution comes!
Admin
They didn't like the idea of relying on headers, becuase headers can be faked. But they're cool with relying on cookies?!
Admin
And noooo one bothered to ask at any point "how many clients would need to be logged in at once?" for session reasons? Or for failover? Or for any other countless reasons?
I feel this issue would have come up at one point or another.
Admin
No wonder our health care costs are skyrocketing.
Admin
Admin
I think I just threw up in my mouth a little.
Admin
Admin
It's not like thay didn't pay for it. Money is money.
Admin
and the obvious solution would have been:
tape the password to the screen
Admin
Passing comment: Gerald was asked to implement a solution that had already been decided, rather than to select a solution for a problem. OK, this happens sometimes. It appears, though, that the solution had been selected by the salesdoofus or the client, more likely both together, based on technical ignorance. This, too, happens sometimes.
Gerald then raised the level of WTF by applying his own ignorance (to be charitable, perhaps we could call it "gaps in his knowledge", but I'm not in a charitable mood today) and setting the tone by beginning with "It's impossible". No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)
As the very first poster pointed out, client certificates are the correct solution to this problem. As it stands, in two years' time, nobody at the client will remember how the authentication works, and will turn off the local token server, or renumber the network, or give the recalcitrant idiot user a new machine so its DHCP-granted IP address changes. Then the RIU will not be able to connect, and that's the end of that.
Admin
Admin
Pfft dirty socialist National Health Service FTW
Admin
Not to mention source IP is easily spoofable or hijackable, and anyone could pose as the Single Sign One.
Also, +1 to client certificates. It's the only real secure solution not involving passwords once Kerberos was ruled out.
Admin
I'm sure it did....but why should that make any impact on anything, it's a sale!
Admin
Admin
Who actually bothers trying to remember all this crap anymore? Way too many logins and sites.
And yeah, there's client certificates, SAML, OpenID... but if the only problem is that she can't remember her passwords, why not go for the solution that costs precisely nothing to implement?
Admin
So, how big was the sale?
Of course, if they lost money on it, it's Gerald's fault for not being a team player. :-)
Admin
Yeah, it was some sort of embedded platform, but there was a filesystem. Anyway, this is not the point here. The important thing is that the device would store info until it approached a RF base-station, when it would then handshake and transmit everything stored in its memory to the "server".
WTFs piled up in that place, like the lack of ANY CVS at all (a story for another day.) But one day my boss called me and told me that we had closed a deal with a new customer. They had been promised that our devices could be used to track their trucks in real-time. And the funny part is that who promised it was no other than the company owner that didn't have a clue on technical stuff.
He backed off when his brother and business partner told him it was impossible for such a small company as theirs, but I surely wanted to attend the reunion where he told it to the customer.And I always wondered how he would suggest us to create our own GPS. Maybe we should start by launching our own satellite?
Admin
Admin
While it might be possible to get a single TCP Packet trough with a spoofed IP it becomes next to impossible when challenging the client ie.
Done - nearly unspoofable... That is unless you have hardware access to any router/wire in between the two endpoints...
Admin
Good sir, while i was first on Gerald's side, your view (plus first poster/client certificates etc.) has furthered my understanding and has gotten me to ask the right questions. Did not volume of users come up in any discussions? Was no client certification google'd? "Impossible" is not an acceptable answer, especially when you know you're about to implement a solution come up by a non-technical side of the business.
Half the reason i visit this place is to discover these kinds of decision pitfalls, avoid them and better myself and the industry. Or at least try to be less guilty.
Admin
I was thinking specifically of MITM/IP Hijacking when I said that. Which, I'll grant you, are relatively sophisticated attacks, and unlikely risks for obscure, low-value traffic.
Which is why you use client certificates, as has been noted, because they can protect against MITM when used properly.
Admin
Which you have to assume is the case. We are talking about medical data here, ACTUAL security matters.
Admin
I think in a statement like the grandparent port, the "our" could easily refer to us as a species.
Admin
IPv6.
Admin
Nope. Lego is. Or maybe plasticine.
Admin
./RemoteSlap --ExtraStrength --ExtraFast 10.1.23.97
Hum... that would be delightful.
Admin
Did the sale actually make money? With 3 weeks programming, 2 QA testing countless meetings and the cost of the hardware?
I bet the salesman still got his bonus for it.
Admin
$ lart --help Usage: lart [-w|--weapon weapon] [-h|--help] weapons: cluebyfour (default) sockwithcoinsinit thermonucleardevice (requires root privileges)Admin
Haven't you heard? If Steven Hawking were under the British NHS, he'd never have been allowed to live! (Yes, this argument was made seriously and defended here in the US.)
Admin
Admin
Wow.
Wow wow wow wow wow.
I've never commented before, but this inspired me to speak up.
Admin
Admin
So, just to be sure I understand this:
A person who is too dumb or lazy to remember one f*cking password is entrusted with patients' health care records ?
and/or
A person who is too bloody-minded to logon presumably wouldn't have a login for her PC either - so switching it on would give anyone access to the application ?
WTF!
Admin
On the up-side, NAT isn't an issue. All who've said to use the likes of SSL certificates, I'm agreeing.
Admin
The correct solution for this problem would've been a label maker, with which you type the users username and password and tape it to the monitor. Problem solved.
Admin
Admin
It took three solid weeks of development time, two weeks of QA testing, several thousand dollars in new hardware, and tens of thousands of dollars for an external HIPAA assessment
So, I work for a product development company, and five weeks of work (unless we're talking something like 5+ developers) is nothing. A tiny project. And several thousand dollars in hardware? That pales in comparison to the labor costs. Now, I know that IS a lot of money for one person to be able to log in without a login, but I got the impression the writer thinks that's a lot of money to spend in general. It's not.
Admin
My laptop has a fingerprint scanner - can't I use that to log on to the system? No, someone may chop your fingers off and steal your password!