Client sided login
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
That can't be real. Come on. How stupid an entire team has to be to let this run in production. Has to be a joke. And if this is intranet, why are you bothered with form based authentication? Just do AD look up or something.
"It is easy to decipher extraterrestrial signals after deciphering Javascript and VB6 themselves.", ISanti[^]
-
That can't be real. Come on. How stupid an entire team has to be to let this run in production. Has to be a joke. And if this is intranet, why are you bothered with form based authentication? Just do AD look up or something.
"It is easy to decipher extraterrestrial signals after deciphering Javascript and VB6 themselves.", ISanti[^]
I want to believe this is a joke too and that an entire team cannot be that stupid... But I'm not so sure :sigh: I once worked for a company who had their own "security framework". The idea was that you entered a username and password, the application would use those to login to SQL Server and if that succeeded you were logged in. So a user in SQL Server was a user in the system and a user in the system couldn't exist without a user in SQL Server. It supported Windows authentication too. The application had a form to enter new users and those users would be added in SQL Server too. It was a WinForms application on intranet so I guess it wasn't much of an issue, but it's really not how to do authentication :wtf: I think we ran into some issues at one point though. They built it when I was already an employee and I advised against it and advised a more "traditional" approach, but I was just a junior back then and according to the technical director this really was the best method. Cost him months to build too :laugh: I just remembered the issue we ran into! After a backup or some such, all users ended up being "orphaned" and everybody lost access to the database and the application. Happened more than once too. A 200+ employee company :laugh:
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
I have a hard time believe that it is real...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
I don't see the problem :confused: Just disable the dev tools on the login page so no-one can see the api call.
-
I want to believe this is a joke too and that an entire team cannot be that stupid... But I'm not so sure :sigh: I once worked for a company who had their own "security framework". The idea was that you entered a username and password, the application would use those to login to SQL Server and if that succeeded you were logged in. So a user in SQL Server was a user in the system and a user in the system couldn't exist without a user in SQL Server. It supported Windows authentication too. The application had a form to enter new users and those users would be added in SQL Server too. It was a WinForms application on intranet so I guess it wasn't much of an issue, but it's really not how to do authentication :wtf: I think we ran into some issues at one point though. They built it when I was already an employee and I advised against it and advised a more "traditional" approach, but I was just a junior back then and according to the technical director this really was the best method. Cost him months to build too :laugh: I just remembered the issue we ran into! After a backup or some such, all users ended up being "orphaned" and everybody lost access to the database and the application. Happened more than once too. A 200+ employee company :laugh:
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
We were lucky our users were enormous digital illiterates :laugh:
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
That can't be real. Come on. How stupid an entire team has to be to let this run in production. Has to be a joke. And if this is intranet, why are you bothered with form based authentication? Just do AD look up or something.
"It is easy to decipher extraterrestrial signals after deciphering Javascript and VB6 themselves.", ISanti[^]
lw@zi wrote:
How stupid an entire team has to be
Just because it's a mid-sized organisation doesn't mean there's an "entire team". All too often the "IT Department" is one person (as a freelancer, I've been the "IT Department" to quite a few companies of that size and above). It may not even be an IT professional - this may be a tool knocked up for personal use, spotted by a manager, who said "roll that out to everyone and stick a username/password check on the front". If it's someone who spent 5 hours learning basic Javascript but no other IT background, it's no surprise stuff like this goes live. And it works so the manager would probably be delighted. What I wonder more about is
if ("true" === "true") {
return false;
}Why???
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
lw@zi wrote:
How stupid an entire team has to be
Just because it's a mid-sized organisation doesn't mean there's an "entire team". All too often the "IT Department" is one person (as a freelancer, I've been the "IT Department" to quite a few companies of that size and above). It may not even be an IT professional - this may be a tool knocked up for personal use, spotted by a manager, who said "roll that out to everyone and stick a username/password check on the front". If it's someone who spent 5 hours learning basic Javascript but no other IT background, it's no surprise stuff like this goes live. And it works so the manager would probably be delighted. What I wonder more about is
if ("true" === "true") {
return false;
}Why???
-
-
I especially liked the
<!-- todo: put this in a diferent file -->
Yeah buddy, that's the biggest issue here...
"Five fruits and vegetables a day? What a joke! Personally, after the third watermelon, I'm full."
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
-
I want to believe this is a joke too and that an entire team cannot be that stupid... But I'm not so sure :sigh: I once worked for a company who had their own "security framework". The idea was that you entered a username and password, the application would use those to login to SQL Server and if that succeeded you were logged in. So a user in SQL Server was a user in the system and a user in the system couldn't exist without a user in SQL Server. It supported Windows authentication too. The application had a form to enter new users and those users would be added in SQL Server too. It was a WinForms application on intranet so I guess it wasn't much of an issue, but it's really not how to do authentication :wtf: I think we ran into some issues at one point though. They built it when I was already an employee and I advised against it and advised a more "traditional" approach, but I was just a junior back then and according to the technical director this really was the best method. Cost him months to build too :laugh: I just remembered the issue we ran into! After a backup or some such, all users ended up being "orphaned" and everybody lost access to the database and the application. Happened more than once too. A 200+ employee company :laugh:
Best, Sander sanderrossel.com Migrating Applications to the Cloud with Azure arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
I had a client that was doing the same thing - fortunately they were updating their web app so I was able to rip all that out. However they also had code that would record every login event to a log file, recording the username and password in a publically accessible plain text file (within their LAN).
-
This JavaScript code powers a 1,500 user intranet application : programminghorror[^] So many things wrong with that...
What do you get when you cross a joke with a rhetorical question? The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism. Do questions with multiple question marks annoy you???
Someone went to a coding-bootcamp, and was so great at his work his code needn't be reviewed :laugh:
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^] "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
