- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Ouch. Of course the REAL wtf is this: "Once everything went into production"
Any ideas whose head(s) will roll?.....[6]
Admin
Most people would know that the application talked about is a C++ application and does not have such a thing as a null pointer exception. The null pointer exception here is called SIGSEGF on Linux and some other constant in Windows' SEH mechanism, and neither is really suitable for this task.
It's not deleting the object, it's just setting the pointer to NULL. Setting the this pointer to NULL from a different thread is not possible anyway.
Of course, that doesn't change the fact that the multiple threads accessing the same pointer is still a WTF.
Admin
Anyone above questioning the wtfness of this saying its easy to make the SOAP calls stateful using packets needs to stop programming.
There are a couple fundamental problems with this encryption strategy that a simple kludge like SOAP packets isn't going to address:
1.) Encryption over the network. I shudder at the thought, talk about adding a massive failure point into the most necessarily secure piece of code. 100% retarded.
2.) Using 3 calls when 1 would do. Why oh why would you ever do 3 soap requests when 2 of them are essentially setting properties???? Even if they didn't run into the race condition, tripling the network latency meaningless is beyond retarded. It reminds me of the old J2EE Entity beans where every property setter would cause a full blown transaction on the database.
Admin
The C# fix to that little testing problem for this==NULL;
lock(this){
//statements
}
I'm sure there's some way to implement a critical section in your system.
Admin
It seems to be Java code. Nethertheless in J2EE word, EJBs can implement it very simply. So, this WTF is a small bug. But, it's a serious mistake in conception ...
Admin
Obviously, the encryption should have been performed by an outsourced service on another network:
Function encrypt(data As String) Dim r As HttpRequest r = New HttpRequest("http://service.encryptforme.com/encrypt.asp", "post") r.Body = "data=" & UrlEncode(data) & _ "&key=" & MY_KEY & _ "&method=" & MY_ENCRYPTION_METHOD r.Execute() Return r.Response End Function
I think this approach is bullet-proof.
Admin
You mean Oliver Klozov, the famous nude photographer, is also doing contract development in his free time? Heh.
Way to go Alex -- this is the best anonymization I ever saw in here. Too bad the joke's totally lost on most of us devs. But then again, it's comforting to know that regulars of this site largely do not frequent adult sites.
Admin
Yes, I've seen this "doh" before. Because tools like WSDL2Java can so easily make web services look like classes, it is easy for an "inexperienced" programmer to think the service behaves like an object.
BTW, me first!
Admin
It's not impossible (not even hard) to make a webservice behave exactly like a statefull object. However, it is another case of WTF for us for some other day I think :)
Admin
Just to cut down on peoples' cases of missing-the-WTF, Alex over-anonymized this one a bit (although I must say, he did an excellent job of keeping the original WTF intact).
This component was actually a COM library exposing different classes, for example:
set foo = CreateObject("Encryption.Encryption1")
set bar = CreateObject("Encryption.Encryption2")
Originally, these were actually separate libraries with hardcoded keys (actually, for security, the keys were split in two; half were embedded in the executable and half were supplied by external means.). As part of our Enterprise .NET initiative, a contractor rewrote these components into a single .NET assembly exposing all of the COM objects. The assembly merged the common parts (they all used the same set of encryption algorithms, just with different parameters); the different constructors would all construct a common Encryption object, like this:
public Encryption1() {
this.enc = new Encryption();
enc.SetType("12345");
enc.SetKey("ABCDE");
}
public Encryption2() {
this.enc = new Encryption();
enc.SetType("54321");
enc.SetKey("FGHIJ");
}
Great, except for the fact that Encryption.SetType() and Encryption.SetKey() stored everything in static fields.
So if you had to use two types of encryption...
enc1 = new Encryption1();
enc2 = new Encryption2();
passenc = enc1.Encrypt("password"); // encrypts with Encryption2's settings
crosses fingers and hopes this posts correctly
Admin
Technically, it should have only been one call to the Web service with a return value for the result. Under the hood, each call to a Web service method makes a new HTTP request passing an XML formatted message and receiving a reply.
There shouldn't need to be any use of a session variable at all, since there is no need for this type of service method to be a "chatty" call. The key, type and information (or reference) to what needs to be encrypted can be passed in one fell swoop, only requiring one request instead of several requests to do one operation.
Admin
<FONT face=Garamond color=#a52a2a>IMHO, I think that consolidating the encryption tech into one "service" (substitutue "library" or any other word of your choosing) like that is possibly a small WTF .</FONT>
<FONT face=Garamond color=#a52a2a>Going down that road, the object-oriented "yellow brick" road, could lead to even bigger headaches. Hopefully, when something like this is implemented, you won't have to change this concentrated code that touches everything under the sun. If you do have to change or completely revamp the "service" (like these folks), you'll end up regression testing *ALL* of those silly applications consuming that service - a testing nightmare complete with scarecrows and flying monkeys.</FONT>
<FONT face=Garamond color=#a52a2a>Am I insane?</FONT>
[:#]
Admin
[sarcasm]But I thought that web servers only handled one transaction at a time.........[/sarcasm]
Ingenious. Since requests will never be in order, nodoby can possibly decrypt anything! Take THAT, crackers!
Admin
Oh. My. Lord. Each call is an individual request. Each request is handled from a pool of threads. The threads are stateful. There's nothing guaranteeing all the requests in a single "transaction" go to the same thread.
I'm going to need a quart of tequila to rinse this one out of my brain.
Admin
You got it wrong, Yo mama (with some ambiguous input from me)
I should have coded (in the obscured sample) pSomeObject as m_pSomeObject.
You see: m_pSomeObject is the member of a particular class. An instance of the class was in the process of executing the first line where m_pSomeObject got modified.
In second case, you got INTO the m_pSomeObject and THEN check for validity of the 'this' pointer.
Admin
I find it hard to follow this logic, or as I should probably say: That's the real wtf!
Haven't they ever heard of the term "code reuse"? I really don’t get it. Why would you use a web service for this?
<o:p> </o:p>Why not just say that since all of both Firefox and Photoshop need to calculate the positioning of different pixels, it will all be done using a web service?
Admin
I don't see a WTF in allowing the multiple threads to access the same pointer.
I routinely create thousands of fixed objects where one thread responds to events occurring in any of these objects while another thread comes around checking for any timer-related events that need to be GENERATED. (Guess I should be more specific in defining the events to make myself clear and justified, but I cannot do that without risking my anonymity)
Admin
Man. The WTF here isn't JUST that this crack dev team was clue-less on the nature of web services, but on the nature of services, or even oop, in general.
WHAT THE HELL is the point of making all of your clients
1) know their encryption keys
2) send them up in plain text to a WS?
The point of a web service would be to:
1) ENCAPSULATE encryption
2) protect the keys.
Meaning that consumers might pass in some identifier which would be used to determine what KIND of encryption/decryption (including the keys) was desired.
Admin
CORBA sucks because you end up making lots of network calls to manipulate an object. We switched to Web Services because now we only make ... umm... wait...
Admin
I'd really get a laugh out of this if they decide to use SSL to send the plaintext keys. Encrypting to encrypt.
Admin
I don't understand . . . someone care to explain?
Admin
Uh.. Am I the only one who finds it wierd to send (presumably plaintext) messages to a webservice so that they can be "securely encrypted."
WTF
Admin
OK, ignoring the fact that the requirement for encryption via a web service is WTF all in itself, what the hell are sesssions going to do for it? What's wrong with:
encWebSrvc = new EncryptionWebService(SERVICE_URL);
return encWebSrvc.Encrypt("CFB64", "42B9657F-0E9A-44EC-BCC2-F1E38770B0C2", transactionLog);
I guess encryption isn't slow enough by itself, so they had to make not 1, not 2, but 3 latency filled HTTP calls. That's just brillant.
Admin
Here's a thought - try reading all the preceeding posts before you yourself post.
Admin
Admin
The real WTF is that they're using method "setPrivateKeyId" when requesting encryption. The method is obviously misnamed, they meant to call it "setKeyPairId".
Anyway, nice. They're sending key IDs, but the content goes over the network in plaintext in both directions.
Hey I know, let's take care of the transmitted-in-plaintext problem by using a HTTPS transport. With that, the connection to... the encryption... server... is... encrypted...
There's still something wrong with this. Ummm...
I know! Let's not only send key IDs, but also plaintext IDs and encryption IDs. This way, the ciphertext is never transmitted over the network.
Client: "Hey, server, I need to encrypt transaction log with id 4CCA08D2-DAF7-11DA-9061-F1E38770B0C2 using key pair id 42B9657F-0E9A-44EC-BCC2-F1E38770B0C2 and algorithm CFB64."
Server: "Sure thing! Use ciphertext id 42A81B0A-DAF7-11DA-A9E4-F1E38770B0C!"
Client: "Nice! What's a ciphertext id, anyway?"
Server: "Beats me. What's a transaction log id, anyway?"
Admin
I don't think advocating a method like:
but rather instead:
>I really don't see how this way conctrates the code anymore, but still concentrating network traffic. Not to mentioning completely removing need for a stateful webservice.Admin
First???
I love the idea of clear-text data floating over the network to be encrypted being regarded as inherently more secure than encrypting it before sending...
Admin
By the "three consecutive requests" explanation, it seems to be a problem with synchronization in a multi-threaded environment. I guess the encryption settings were stored statically, or in some kind of global object, and kept overwriting each other. But what do I know...
Admin
That is nothing. I just had to write a queer piece of code myself:
BOOL SomeClass::TestSomething()
{
if(this == NULL)
return FALSE;
TestSomethingAndReturnResult;
}
The reason was the earlier piece of code:
return (pSomeObject == NULL)?FALSE:pSomeObject->TestSomething();
was crashing occasionally because some other thread would come and change pSomeObject to NULL in between the
first part and second part of that line.
Any kind of synchronization object was out of question because that line was being called for a few thousand objects
every few milliseconds by THIS thread, not to mention the OTHER thread where pSomeObject was being modified.
Erm, that doesn't fix the problem. Couldn't the other thread still change pSomeObject to NULL during TestSomethingAndReturnResult()?
Admin
QA of course. They are paid to be the fall guys.
Admin
Not too bright, but hardly worthy of a WTF. It's not like he's the first programmer to introduce a race conditioning or forget to enable session keys. I can easily envision a perfectly talented programmer screwing this up on a bad day.
Admin
return (pSomeObject == NULL)?FALSE:pSomeObject->TestSomething();Change the member to
add a check for FileNotFound and take an early lunch. (Though make sure you spawn a new thread to do a separate check, to help preempt any unexpected thread scheduling.)
Admin
As the crack team built SOA with with crumple zones and loose coupling, the application surely gracefully degrades and operates without the encryption service, using a no-op local cypher.
With plaintext keys no longer being sent, there is less chance of keys being obtained by an intermediary. So, the graceful degredation gives the application even greater protection when it needs it most during external service instability. Brilliant!
Admin
BAD COMBOS:
mod_php + Apache + gettext + nowdays OS libs where not thread safe.
AND gettext required changes on enviroment keys, that are global on threads.
result: multilugual chaos
(fortunally enough, easy to solve)
Apache2 (a thread based application) + poorly written regular expresions + windows
result: 100% cpu, Apache2 freezze, no network IO.
--Tei
Admin
My heartfelt thank you to CornedBee for demonstrating that there is somebody else on this board with a grasp of how a computer actually works.
IMO everybody else posting about threads has a lot to learn (and thus realise the total paradign shift in app design of single vs multi-threading).
Admin
Doh! I totally missed that completely obvious pseudonym. Am I the only one who missed All Of Her Clothes Off?
Admin
you mean you did that on accident? amazing.
Admin
*Sigh* Do people ever learn? Maybe this is a place for a new rule of thumb in sw project management: "Whenever things go wrong, start investigating where the most confident and arrogant developers have been playing."
Admin
<font size="2">I belive that C++ has an incredible feature known as...local variables. In other words, instead of adding a dreadful NULL check in the method itself, you could have simply changed the call sites to:
ptmp = pSomeObject;
return (ptmp == NULL) ? FALSE : ptmp->TestSomething();
Of course, you'd better be sure that pSomeObject was declared as a volatile pointer...
</font>
Admin
first:p
Admin
Don't they know what "stateless" mean?
Admin
Apparently there is a lot of confusion on how to use these these WS service thingies on the Daily
It should have been implemented.
Admin
Simon
Admin
Each app is generating a separate request to specify their key to the web service and to then encrypt using that private key. But in-between specifying the key and encrypting, another application would make their request to specify THEIR key, so when the first app asked for their data to be encrypted, it would be done using the second app's key. Hence the reference to "race condition".
Simon
Admin
I am not into web services, but couldn't this easily be solved using some sort of sessions ...
Btw: first!
Marty
Admin
It's a sort of Transaction-based Timecapsule
Admin
Maybe the example given was not a call for encryption, but for signing...
Admin
... or between the (pSomeObject == NULL) test and the dereferencing of TestSomething(), or at anytime during TestSomethingAndReturnResult?
Seriously, WTF?
Today's proper WTF isn't that WTF to me; OK so they forgot about race conditions or atomicity of transactions. Not a major problem to fix.
Admin
There are several problems with the above:
1. Encryption should be done on the same computer, otherwise unencrypted data can be sniffed.
2. The encryption should be on one call ie. Encrypt(string type, string key, byte[] data).
This avoid 2 calls and allows the server to do proper locking (if the encryption is not thread-safe).
3. If you want to avoid code duplication use a library not a web service.
4. The web service introduces a single point of failure (encryption server goes down) for several applications.
This is not security. It's stupidity!