• oheso (unregistered) in reply to Brent
    Brent:
    Some things are truly impossible. I have a friend who was once asked to write a program to verify that given pieces of code would halt.

    Easy. Is it from Redmond? It will halt.

    (Hello, Mr. Turing! Do you know how soon Mr. Godel will arrive?)

  • oheso (unregistered) in reply to Steve the Cynic
    Steve the Cynic:
    No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)

    Please block all undesirable e-mail. I insist on a 0% false positive rate as well.

    . . .

    Well?? Don't you have a solution yet? Come on, man! It's a clearly defined problem!

  • (cs)

    I don't really see the WTF here. The client got what they wanted, the company got loads of billed hours AND a new fancy feature to sell and best of all, the one user doesn't have to remember another password now!

    I'll admit I facepalmed when reading the final sentence, but if the client wants to pay and is happy at the result, WHY NOT!?

  • A. Coward (unregistered) in reply to Ren
    Ren:
    I don't really see the WTF here. The client got what they wanted, the company got loads of billed hours AND a new fancy feature to sell and best of all, the one user doesn't have to remember another password now!

    I'll admit I facepalmed when reading the final sentence, but if the client wants to pay and is happy at the result, WHY NOT!?

    Because, deep in one's tiny black developer heart, everyone wishes to believe they make a difference with their effort. And when it's for, erm... almost nothing -- the fact is demoralizing =)

  • Cheong (unregistered) in reply to Jaime
    Jaime:
    2. A workstation getting an IP from an unauthorized alternate source is not a flaw of the "Windows Server DHCP configurations", it could only be a flaw in the workstation design. Fortunately, a Windows workstation (any version back to Windows 3.1) will prefer to get an IP from the source that it got its last IP from. It will only consider a second source if the current source doesn't respond.
    Just note that most cheap DHCP server firmware that comes with cheap broadband router does not understand authorization machanism, and will still respond to DHCP requests (i.e.: they don't care to implement RFC 3118).

    Now your company's DHCP server has to compete with the rogue DHCP server for speed (response time).

  • Asdf (unregistered)

    TDWTF is TRWTF. A story about incompetent programmer, and four pages of idiotic comments. User too lazy to remember a password? Logins suck, most people use the same login for every site and/or write their login info on postit notes left on their monitors. Using the same password for every site is almost as secure as having no login whatsoever... Get user's login for some random site and you can access confidential medical information. Certificates are the way to go, especially in this case. Passphrases are ok too. Making users memorize countless logins MUST STOP. It's as ancient an idea as making users click on "save" button. Get on with the times.

    CAPTCHA: jumentum - wtf is jumentum?

  • (cs) in reply to Jaime
    Jaime:
    All a rouge DHCP server has to do is set up an Active Directory domain and authorize itself.
    What about DHCP servers that don't have makeup on?
  • Anonymous (unregistered) in reply to Asdf
    Asdf:
    TDWTF is TRWTF. A story about incompetent programmer, and four pages of idiotic comments. User too lazy to remember a password? Logins suck, most people use the same login for every site and/or write their login info on postit notes left on their monitors. Using the same password for every site is almost as secure as having no login whatsoever... Get user's login for some random site and you can access confidential medical information. Certificates are the way to go, especially in this case. Passphrases are ok too. Making users memorize countless logins MUST STOP. It's as ancient an idea as making users click on "save" button. Get on with the times.

    CAPTCHA: jumentum - wtf is jumentum?

    U mad?

  • LNotes sucks (unregistered) in reply to A guy..

    I bet that was Lotus Notes

  • (cs) in reply to Asdf
    Asdf:
    <snip> CAPTCHA: jumentum - wtf is jumentum?
    lern2google:

    For those who haven't realised the captchas are Latin: Latin, jumentum, neuter, meaning beast of burden.

    For those who want to stay on topic: Jumentum-SOC is a programming environment for LPC2000-based microcontrollers. (That's used in embedded systems, and no I won't finish the meme).

  • NotARealName (unregistered) in reply to steenbergh
    steenbergh:
    Sales people, together with customers, will be the first ones up against the wall when the revolution comes!

    You're forgetting the Marketers. They will be the 1st up against the wall in my revolution.

  • (cs) in reply to Cheong
    Cheong:
    Jaime:
    2. A workstation getting an IP from an unauthorized alternate source is not a flaw of the "Windows Server DHCP configurations", it could only be a flaw in the workstation design. Fortunately, a Windows workstation (any version back to Windows 3.1) will prefer to get an IP from the source that it got its last IP from. It will only consider a second source if the current source doesn't respond.
    Just note that most cheap DHCP server firmware that comes with cheap broadband router does not understand authorization machanism, and will still respond to DHCP requests (i.e.: they don't care to implement RFC 3118).

    Now your company's DHCP server has to compete with the rogue DHCP server for speed (response time).

    Doesn't matter. The first request will be a unicast to the known server. The cheap DHCP server won't even see the packet. After that doesn't get a response, the workstation will broadcast.

  • illtiz (unregistered) in reply to Quirkafleeg
    Quirkafleeg:
    Zolcos:
    They didn't like the idea of relying on headers, becuase headers can be faked. But they're cool with relying on cookies?!
    A strong # applied to well-chosen text would help, along with an encrypted connection.

    How is a pound supposed to help you?

  • (cs) in reply to Asdf
    Asdf:
    TDWTF is TRWTF. A story about incompetent programmer, and four pages of idiotic comments. User too lazy to remember a password? Logins suck, most people use the same login for every site and/or write their login info on postit notes left on their monitors. Using the same password for every site is almost as secure as having no login whatsoever... Get user's login for some random site and you can access confidential medical information. Certificates are the way to go, especially in this case. Passphrases are ok too. Making users memorize countless logins MUST STOP. It's as ancient an idea as making users click on "save" button. Get on with the times.

    CAPTCHA: jumentum - wtf is jumentum?

    Thanks for gracing us with another.

  • (cs) in reply to h143570
    h143570:
    This is a typical the case of inaccurate user requirements gathering.

    What was so inaccurate? They asked for a solution for a single signon, and got it.

  • fw (unregistered) in reply to the beholder
    the beholder:
    My Name Is Missing:
    I've been in his exact shoes. A salesman for the company I worked for once told me "my job is to lie to customers and your job is to make me look good."
    One place I once worked at was a company that created a sort of device to attach to trucks and forklifts, and it would log all their activities: current speed, gear, the time it was turned on and off, and whatnot. I'm sure there must be a simple name for this device, but I have no idea what it would be in english.

    Yeah, it was some sort of embedded platform, but there was a filesystem. Anyway, this is not the point here. The important thing is that the device would store info until it approached a RF base-station, when it would then handshake and transmit everything stored in its memory to the "server".

    WTFs piled up in that place, like the lack of ANY CVS at all (a story for another day.) But one day my boss called me and told me that we had closed a deal with a new customer. They had been promised that our devices could be used to track their trucks in real-time. And the funny part is that who promised it was no other than the company owner that didn't have a clue on technical stuff.

    He backed off when his brother and business partner told him it was impossible for such a small company as theirs, but I surely wanted to attend the reunion where he told it to the customer.And I always wondered how he would suggest us to create our own GPS. Maybe we should start by launching our own satellite?

    a tachometer

  • Roy (unregistered) in reply to UK Guy

    Dunno about that: the various NHS IT clusterWTFs over the last few years and ongoing could keep this site going for years.

    Captcha: augue. Community Server showing incipient signs of sentience?

  • Quirkafleeg (unregistered) in reply to illtiz
    illtiz:
    Quirkafleeg:
    Zolcos:
    They didn't like the idea of relying on headers, becuase headers can be faked. But they're cool with relying on cookies?!
    A strong # applied to well-chosen text would help, along with an encrypted connection.
    How is a pound supposed to help you?
    Hint: # ≠ pound…
  • crrctr (unregistered) in reply to Cad Delworth
    Cad Delworth:
    the beholder:
    a sort of device to attach to trucks and forklifts, and it would log all their activities
    That sounds like what we would call a tachometer.
    Nope, it's a tachograph.
    the beholder:
    WTFs piled up in that place, like the lack of ANY CVS at all
    You mean any VCS, of which CVS is just an instance (and about the worst imaginable).
    the beholder:
    And I always wondered how he would suggest us to create our own GPS. Maybe we should start by launching our own satellite?
    At your apparent level of expertise concerning GPS, it's good you didn't take it any further. GPS signals are freely available to everybody. For sending the data, use a mobile network.
  • Neal (unregistered)

    My lesson is that this programmer needed to ask way more questions.

    Both RSA and a dozen other companies have 'Secure USB Tokens' available.

    http://www.swekey.com/ http://www.rohos.com/welcome-screen/usbflash.htm

    If you know before hand that the system is NOT open ended w.r.t. the number of users, then hardware solutions become quite viable.

    Any enterprise system that is sold on the basis of number of seats (the common unit charge in SAAS apps) by definition does NOT have an open ended number of users.

  • Anon (unregistered) in reply to oheso
    oheso:
    Steve the Cynic:
    No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)

    Please block all undesirable e-mail. I insist on a 0% false positive rate as well.

    . . .

    Well?? Don't you have a solution yet? Come on, man! It's a clearly defined problem!

    No it's not. You haven't defined undesirable.

  • See Sharper (unregistered) in reply to Anon
    Anon:
    oheso:
    Steve the Cynic:
    No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)

    Please block all undesirable e-mail. I insist on a 0% false positive rate as well.

    . . .

    Well?? Don't you have a solution yet? Come on, man! It's a clearly defined problem!

    No it's not. You haven't defined undesirable.

    Easy. Preview the email to the user with two buttons: Desirable and Undesirable. Don't deliver the Undesirable.

  • imMute (unregistered) in reply to Aaron
    Aaron:
    Am I the only person that read the bit about remembering logins/passwords and immediately thought, "Uh, Keepass?"

    I didn't actually think that, but I do use Keepass religiously. Only actually remember 2 passwords: my master pw and my university pw (which is just a subset of the master pw).

    Keepass remembers the rest.

  • KnightSword (unregistered) in reply to Steve the Cynic

    [quote user="Steve the Cynic"]No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.) [quote] So is glue, but I have yet to see skyscrapers made with nothing but!

  • Annonymous (unregistered) in reply to KnightSword

    [quote user="KnightSword"][quote user="Steve the Cynic"]No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.) [quote] So is glue, but I have yet to see skyscrapers made with nothing but![/quote] So is glue? No it isn't :) It's only useful for one thing...

  • Mr A (unregistered)

    I've had to deal with similar 'of course we can disobey the laws of physics' salesmen - the kind that promise everything including time travel.

    One place I worked at promised the ability to control access to resources on the internet - even on servers that we didn't own and had no access to. I lost my temper trying to explain why it was impossible and exactly how far the salesman could stick his head up his a$se.

    I was quite shocked when they outsourced the work to some shady back street company for 6 figures, and eventually purchased a mysterious box with lights.

    I wasn't shocked to be included in the first round of redundancies when the company found itself short of customers and money.

    I really wasn't shocked when the entire company went to the wall a few months later. Incompetence knows no bounds it seems.

    And the salesman? He found he'd lost his job while at a conference, and the sneaky turds repossessed his company car, cancelled his credit card and texted him his 15 minutes notice. How we laughed.

  • (cs) in reply to kindall
    kindall:
    See Sharper:
    We need to unionize, ...

    Why, are we ionized?

    Yes. Positively.

  • Dan (unregistered) in reply to java.lang.Chris;
    java.lang.Chris;:
    Steve the Cynic:
    Code is the most flexible and adaptable construction material known to man.

    Nope. Lego is. Or maybe plasticine.

    Sellotape

  • Here's a nickel, kid... (unregistered) in reply to Annonymous
    Annonymous:
    KnightSword:
    Steve the Cynic:
    No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)
    So is glue, but I have yet to see skyscrapers made with nothing but!
    So is glue? No it isn't :) It's only useful for one thing...
    What, associating DNS A records?
  • foxyshadis (unregistered) in reply to Jaime
    Jaime:
    Cheong:
    Jaime:
    2. A workstation getting an IP from an unauthorized alternate source is not a flaw of the "Windows Server DHCP configurations", it could only be a flaw in the workstation design. Fortunately, a Windows workstation (any version back to Windows 3.1) will prefer to get an IP from the source that it got its last IP from. It will only consider a second source if the current source doesn't respond.
    Just note that most cheap DHCP server firmware that comes with cheap broadband router does not understand authorization machanism, and will still respond to DHCP requests (i.e.: they don't care to implement RFC 3118).

    Now your company's DHCP server has to compete with the rogue DHCP server for speed (response time).

    Doesn't matter. The first request will be a unicast to the known server. The cheap DHCP server won't even see the packet. After that doesn't get a response, the workstation will broadcast.
    This is the theory. The practice is the opposite - you're wrong. If this was the case, my network would not have started going nuts about 6 hours after I accidentally plugged the wireless network (which at the time had a bunch of commodity routers all doing their own DHCP) into the internal network (which was an AD domain with the 2003 domain controller doing DHCP). They were all XP SP3 boxes, part of the domain, but they happily accepted when linksys started giving out IPs to people - then lost network connectivity since their gateway and subnet were totally wrong. Saw it happen to one Vista system too, we only had a handful at the time.

    Maybe you have some third-party DHCP client service that prevents this?

  • oheso (unregistered) in reply to Anon
    Anon:
    oheso:
    Steve the Cynic:
    No, it's not impossible. It's software, of course it's possible. (I'm being deadly serious here. Code is the most flexible and adaptable construction material known to man.)

    Please block all undesirable e-mail. I insist on a 0% false positive rate as well.

    . . .

    Well?? Don't you have a solution yet? Come on, man! It's a clearly defined problem!

    No it's not. You haven't defined undesirable.

    ... and hence pointed out the fallacy in the original assertion.

  • Mitur Binesderti (unregistered)

    Fake

  • Cheong (unregistered) in reply to foxyshadis
    foxyshadis:
    Jaime:
    Cheong:
    Jaime:
    2. A workstation getting an IP from an unauthorized alternate source is not a flaw of the "Windows Server DHCP configurations", it could only be a flaw in the workstation design. Fortunately, a Windows workstation (any version back to Windows 3.1) will prefer to get an IP from the source that it got its last IP from. It will only consider a second source if the current source doesn't respond.
    Just note that most cheap DHCP server firmware that comes with cheap broadband router does not understand authorization machanism, and will still respond to DHCP requests (i.e.: they don't care to implement RFC 3118).

    Now your company's DHCP server has to compete with the rogue DHCP server for speed (response time).

    Doesn't matter. The first request will be a unicast to the known server. The cheap DHCP server won't even see the packet. After that doesn't get a response, the workstation will broadcast.
    This is the theory. The practice is the opposite - you're wrong. If this was the case, my network would not have started going nuts about 6 hours after I accidentally plugged the wireless network (which at the time had a bunch of commodity routers all doing their own DHCP) into the internal network (which was an AD domain with the 2003 domain controller doing DHCP). They were all XP SP3 boxes, part of the domain, but they happily accepted when linksys started giving out IPs to people - then lost network connectivity since their gateway and subnet were totally wrong. Saw it happen to one Vista system too, we only had a handful at the time.

    Maybe you have some third-party DHCP client service that prevents this?

    Yup.

    Correct me if I'm wrong, but I somehow remember that even the local security policy is loaded AFTER the device drivers are loaded (so you don't see settings on blocking non-pre-approved driver from loading), and domain security is loaded even later (how if the user is logging in different domain?). There's no way such thing can actively affect how DHCP works, except you got some DHCP clients that read the settings from specific places in registry.

    The usual solution I've seen is to use GP script to force using DHCP server and renew IP after login to domain.

  • (cs) in reply to Your IP here

    Actually, it isn't. Just don't expect to receive any replies from the other side, as they will be sent to the fake source address. :)

  • Anonymous (unregistered) in reply to Dan
    Dan:
    java.lang.Chris;:
    Steve the Cynic:
    Code is the most flexible and adaptable construction material known to man.
    Nope. Lego is. Or maybe plasticine.
    Sellotape
    Come on man, everyone knows that duck tape > sellotape.
  • (cs) in reply to the beholder

    "He backed off when his brother and business partner told him it was impossible for such a small company as theirs, but I surely wanted to attend the reunion where he told it to the customer.And I always wondered how he would suggest us to create our own GPS. Maybe we should start by launching our own satellite?"

    Mobile phone, sending data over GPRS/Edge/3G? Would likely have been cheaper than a sattelite system, and could have provided the "real-time" data transfer...

  • (cs)

    One of the applications we develop for a client has machine names hard-coded in to the login system so that Mr Big Cheese at our client never has to login.

    When I started working here and found this I asked why we didn't just use SSPI; all I got were blank looks.

    That application makes me cry every time I have to look at it; that's just one example out of many of the WTFery in it.

  • enim lla, enim (unregistered) in reply to Quirkafleeg
    Quirkafleeg:
    Zolcos:
    They didn't like the idea of relying on headers, becuase headers can be faked. But they're cool with relying on cookies?!
    A strong # applied to well-chosen text would help, along with an encrypted connection.

    Strong hash is the ultimate cure.

  • (cs) in reply to davedavenotdavemaybedave
    davedavenotdavemaybedave:
    Your IP here:
    savar:

    And at that point, its not exactly "spoofing" is it? If you've subjugated a major router on an autonomous system, it IS your IP address now. (Indeed, its your whole CIDR subnet.)

    Well, yes, if you do it at the WAN level. But remember from the article, they're also worried about 'malicious employees'. If somebody with access the the LAN wants to get access, it's easy, particularly if the 'authorized' computer is down. Just statically assign the 'authorized' IP and connect. Or if anything tricky is being done with the DHCP server, just spoof the 'authorized' MAC or hostname, whatever the DHCP & co. are using for assignment. And so on...

    Depending on the network, you also don't necessarily have to get into ISP systems for MITM. Local gateways will do fine.

    A lot of Windows-based systems are secured so users can't assign their own IP. There's a lovely WTF all of its own here, though: if you plug a DHCP router into a port on a network, almost all normal Windows Server DHCP configurations will automatically hand control over to that router. Hey presto, IP control.

    This is a rather trivial thing to prevent, assuming that your servers are in a secure location. You do DHCP relaying and snooping in the switches, and also have 802.1x node authentication turned on. A malicious DHCP server will only see the authentication infrastructure until it authenticates correctly. If it does, then it will be able to exchange traffic with the rest of the network, but the network switch will still drop the DHCP server packets sent from that host. End of story right there.
  • (cs) in reply to Lod
    Lod:
    in which case you use arpspoof, and you're quite usefully any IP on the local (broadcast) network that you'd like to be. Or in between any two. Or you're the router, as far as the other machines on the network know. Granted this is limited to the local side, but that seems to be one of the areas this half assed scheme is supposed to be addressing.
    Any half-decent network switch should detect and filter invalid ARP replies. By invalid I mean those that do not match the addresses assigned by a trusted DHCP server.
  • (cs) in reply to the beholder
    the beholder:
    Gerald (not this Gerald though):
    I'm curious how long ago this was as it seems pretty doable today simply by accessing GPS for location data and using a provider like AT&T or Verizon's cellular network to upload the data in real-time back to a service.
    This was about 6-7 years ago, before GPS became the hype. It is not that hard to that today, but there is no way in hell that we would manage it back then within these constraints: - Deadline in a couple of months as with every project there, no matter how big or small; - Only two developers. Those were me (a part-time intern) and my ex-boss; - Zero knowledge about the data from the cellular network; - Your solution would require changes that would heavily raise the cost on hardware. The price of each device was already settled when the airhead owner promised cake. - We couldn't stop supporting the current customers to dedicate ourselves to a new project. I already said there were WTFs plenty out there and so we could only dream of a week with just two or three bugs reports.
    GPRS modems were available back then all right, same goes for OEM GPS receivers. As for the hardware cost, around year 2002 it'd have cost you ~$400 to put together a prototype, and less in small volume production. The real problem you had was lack of someone who knew all that. The actual development would have been fairly easy: gather the data from sensors and GPS, and send a GPRS packet. All that in a loop. The only configuration to the system is the server address where the GPRS packets should go, and some unique "node ID" -- that can come right from the SIM card. From what you said, you're right that you were understaffed at that time. You'd have needed an extra dedicated hardware/software guy to work on it. The "brains" of the system could have been a Basic Stamp or some other cheap controller module, pretty much, maybe with an external serial SD card for data logging.
  • (cs) in reply to chrismcb
    chrismcb:
    Cad Delworth:
    the beholder:
    a sort of device to attach to trucks and forklifts, and it would log all their activities: current speed, gear, the time it was turned on and off, and whatnot. I'm sure there must be a simple name for this device, but I have no idea what it would be in english.
    That sounds like what we would call a tachometer.
    YOU might call it that, but the rest of the English speaking world wouldn't. A tachometer typically displays RPMs.
    Sure, coz Cad is wrong. Those are called tachographs.
  • (cs) in reply to Mr A
    Mr A:
    I've had to deal with similar 'of course we can disobey the laws of physics' salesmen - the kind that promise everything including time travel.

    One place I worked at promised the ability to control access to resources on the internet - even on servers that we didn't own and had no access to. I lost my temper trying to explain why it was impossible and exactly how far the salesman could stick his head up his a$se.

    Either I don't get something, or you're talking about a slightly more capable proxy server. ?!

  • (cs) in reply to foxyshadis
    foxyshadis:
    This is the theory. The practice is the opposite - you're wrong. If this was the case, my network would not have started going nuts about 6 hours after I accidentally plugged the wireless network (which at the time had a bunch of commodity routers all doing their own DHCP) into the internal network (which was an AD domain with the 2003 domain controller doing DHCP). They were all XP SP3 boxes, part of the domain, but they happily accepted when linksys started giving out IPs to people - then lost network connectivity since their gateway and subnet were totally wrong. Saw it happen to one Vista system too, we only had a handful at the time.

    Maybe you have some third-party DHCP client service that prevents this?

    Umm, what kind of lame network switch do you use that cannot prevent all that? A rather cheap $300 managed switch, like HP2626 off eBay, will take care of all that for you.

  • (cs) in reply to Cheong
    Cheong:
    Correct me if I'm wrong, but I somehow remember that even the local security policy is loaded AFTER the device drivers are loaded (so you don't see settings on blocking non-pre-approved driver from loading), and domain security is loaded even later (how if the user is logging in different domain?). There's no way such thing can actively affect how DHCP works, except you got some DHCP clients that read the settings from specific places in registry.

    The usual solution I've seen is to use GP script to force using DHCP server and renew IP after login to domain.

    TRWTF here is not using the correct network infrastructure. Dumb/unmanaged switches should be thrown out for such applications.

  • Design Pattern (unregistered) in reply to Quirkafleeg
    Quirkafleeg:
    illtiz:
    Quirkafleeg:
    A strong # applied to well-chosen text would help, along with an encrypted connection.
    How is a pound supposed to help you?
    Hint: # ≠ pound…
    WHOOOOOOOOSH!

    Hint: [url=http://thedailywtf.com/Articles/5_years_C-pound_experience.aspx]Pound{/url]

  • Vermis (unregistered) in reply to Buffled
    Buffled:
    bbot:
    Wow.

    Wow wow wow wow wow.

    I've never commented before, but this inspired me to speak up.

    I'm sorry - are you speaking or barking?

    Remember; On the internet, nobody knows you're a dog.
  • Another UK guy (unregistered) in reply to EatenByAGrue

    Stop spreading lies. Stephen Hawking would be dead now, if it wasn't for the NHS.

    Perhaps not the most reliable of sources, but try the links on to the Guardian with a quote from Hawking himself.

    http://www.huffingtonpost.com/2009/08/12/stephen-hawking-enters-us_n_257343.html

  • Pennant (unregistered) in reply to Sean
    Sean:
    Most of these comments are idiotic. So what if this implementation was for one user. At least now SSO is a feature of the product and someone paid you do add it to the product.

    Remember,everything a customer asks for enhances the product. Developer's job is to solve problems for clients, and if a client pays for a feature before its in the product...well then they just paid you to developer that feature, instead of you spending your own money.

    Sean

    Well except for the facts that, as has been pointed out: a) it's not really secure b) it should never have passed that HIPAA audit d) the people in the client's IT department who handled this SNAFU should be fired along with the HIPAA auditor, e) it's unlikely any half-competent client would accept this solution so repeat sales for amortizing the development costs are less likely,

  • Zeo woods (unregistered)

    Dude thats the only way to go. It just doesnt get any better.

    Lou www.big-brother-watching.net.tc

Leave a comment on “The Single Sign On”

Log In or post as a guest

Replying to comment #:

« Return to Article