• (nodebb)

    For those not familiar with .net, yes, there are free secret stores available for decades now. And a ton of commercial products for big enterprises. There's no need for hack like this.

  • Hanzito (unregistered)

    Idiots. Hard-coding secrets. They should have done it like real programmers.

    const fristSecret = "xxxxxxxx-xxxxxx+xxxxxxx+xxxxxx-xxxxxx-xxxxxx+xxxxx";
const sencodSecret = "yyyyyyy-yyyyyy+yyyyy+yyyyy-yyyyy-yyyyy+yyyy";
  • tee (unregistered) in reply to MaxiTB

    But how does one get stuff out of said free secret store? (Presumably using a hardcoded secret store secret)

  • (nodebb)

    It would still be offensive if the application read the token from a file - encoded or otherwise - but only slightly less so.

  • (nodebb)

    You'd rather it said return (token == a || token == b) ?

  • Joe (unregistered)

    They could have hard-coded date ranges over which those tokens are valid if they wanted the old token to work for a little while longer, since they're in the hard-coding mood. I get it, that only fixes one of the horrible WTFs, but I'm all about fixing one thing at a time.

  • Spencer (unregistered) in reply to davethepirate

    Most likely they want "return token.equals("xxxxxxxxxxxxxx")"

  • Iffy (unregistered)

    I don't mind the early-return pattern in small, select cases, but it bothers me that they used an else. If the first one matches, it will return, so successive lines are inherently an else clause. Of course, there's the other part - which annoys Remy more - if (cond) return true` or conditionals/ternaties? Of course, now the analyzers would recommend using a switch expression instead.

  • (nodebb) in reply to tee

    But how does one get stuff out of said free secret store? (Presumably using a hardcoded secret store secret)

    My CI pipeline gets secrets from the secret store by authenticating using it's Windows Active Directory account. We even limit that access to a list of IPs to add another layer of protection.

    For token authentication, we just use an RsaSecurityKey and the service is only configured with the public key. The private key lives only on the authentication infrastructure.

  • DigitalBits (unregistered)

    if (cond) return X; is a great pattern if the function is longer than ~3 lines. There's nothing worse than if (cond) { ...50 lines; } return X; In this case, I'd just do return cond || cond2;

  • (nodebb) in reply to tee

    (Presumably using a hardcoded secret store secret) I imagine they need a secret store secret secreter to secrete the required secret store secret to then get the secrets stored by the secret store.

  • (nodebb)

    Bah. I give up on this Markdown nonsense / lack of preview / lack of ability to edit. Thought I had enough new lines in there.

  • Tinkle (unregistered)

    That is not a token, that is a string. A string that is being used as a password.

    A token should have a sender authentication mechanism.

    Now, being a password - why is it not being hashed? That would at least help a little.

  • (nodebb)

    Kaufen Sie verschreibungspflichtige Opioide. Kaufen Sie Cannabis. Marihuana. Codein. Fentanyl. Heroin, Hydrocodon. Hydromorphon. Methadon. Morphin. Oxycodon. Kokain. Heroin. Methamphetamin. Xnnax. Synthetische Opioide (Fentanyl). Schmerzmittel SMS/WhatsApp +14137589837 Telegram > t.me/RoysmithIT

    Anbieter hochwertiger Kush*-Schmerzmittel, Esswaren, Wax und alles rund um Kush: Pilze, THC-Gummis, Cola, Acid, Molly DMT, Meth und vieles mehr. Alle Arten von Schmerzmitteln sind ebenfalls erhältlich. Wir liefern und bringen sie auch wieder ab. SMS/WhatsApp +14137589837 Telegram > t.me/RoysmithIT

    Kaufe Schmerzmittel, Marihuana, Opioide und mehr ohne Rezept oder Versicherung. Kaufe Schmerzmittel, Marihuana, Opioide gegen Angstzustände, Schmerzen, Depressionen, Phentermin und mehr.

    Brauchst du dringend Medikamente ohne Rezept oder Versicherung? Hat dein Arzt deine Medikamente reduziert oder geändert? Täglich begehen Tausende Selbstmord aufgrund der Opioid-Hysterie der Pharmaindustrie.

    Viele Familien werden eines normalen Lebens beraubt, weil Menschen aufgrund der Schmerzen, die behandelbar wären, ihren Verpflichtungen nicht nachkommen können. Nicht jeder ist süchtig, und viele brauchen einfach genug, um ein normales Leben zu führen.

    Viele Menschen in Not leiden unter unerträglichen chronischen Schmerzen. Chronische Krankheiten, Angstzustände, Depressionen, Fibromyalgie, PTBS, Krampfanfälle usw. Wir bieten eine sichere und legale Möglichkeit, Medikamente ohne Rezept oder Versicherung an Bedürftige zu liefern. Schmerzmittel aller Art, Elite-Qualität, erstklassiges Marihuana gegen Angstzustände, Schmerzen, Depressionen, Phentermin und mehr. Wir liefern Pillen, Kartuschen, Vapes, Wachs, Dabs, Esswaren, Kekse, THC-Gummibärchen, Pilze, Pre-Rolls usw.

    Kontaktieren Sie uns und wir helfen Ihnen, die Linderung zu finden, die Sie brauchen. [email protected] WhatsApp +14137589837 {telegram > t.me/RoysmithIT

Leave a comment on “IsValidToken”

Log In or post as a guest

Replying to comment #683043:

Log Out

« Return to Article