Tales from the Interview: Secure Portfolio

by
Jane Bailey
from The Daily WTF on (#XMWH)

"Heeey, Sean ..." Aisha's tone was cloying as she poked her head around the divider of Sean's cube, still seated on her desk chair.

"No," he joked, looking up from his work.

She laughed, weakly. "Listen, John's sick, probably out the whole week. Can you interview this new dev candidate?"

Glancing at his calendar, Sean sighed. "Sure. When will he be here?"

"An hour from now. Here's his code sample, good luck!" She thrust some papers into his hand and rolled away, leaving Sean dumbfounded.

Great, he thought. What am I in for?

Figuring he'd at least familiarize himself with the sample, toss the guy the usual softball questions, and get a feel for him, Sean flipped through the stack of printouts. Oddly enough, along with his PHP code, the candidate had submitted a SQL dump.

"Thoughtful of him," Sean murmured. "Weird, though ... this test data looks very real."

Then he flipped over the page and found the CREATE TABLE for the USERS table. What followed were a hundred insert rows, all with passwords like "==AUWZEdZhlTT1UMaVXTWJVU".

"Is that ... Base 64, reversed?" Sean wondered, flipping to the PHP code in horror. Sure enough, he found the following in "Security.php":

    function encode5t($str){
        // The printout is cut off after "$i"; the loop bound and body below are
        // reconstructed from the function name (encode5t) and the story's
        // description of repeated base64-encode-and-reverse rounds.
        for($i=0; $i<5; $i++){
            $str = strrev(base64_encode($str));
        }
        return $str;
    }
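The security problem in that function is not the number of rounds but that every step is reversible: anyone holding the SQL dump recovers every password in plaintext. The script below is an added example, not code from the article or its candidate; it reconstructs the five-round scheme, shows that it undoes itself with the same two calls in the opposite order, and puts PHP's built-in password_hash() / password_verify() beside it as the form a reviewer would expect. The sample password is constructed for the demonstration.

```php
<?php
// Added example (not from the article): why reversible "encoding" is not
// password storage, and what the PHP-native replacement looks like.
declare(strict_types=1);

// The article's scheme as reconstructed: base64-encode then reverse,
// repeated five times. Nothing here is secret, salted, or one-way.
function encode5t(string $str): string
{
    for ($i = 0; $i < 5; $i++) {
        $str = strrev(base64_encode($str));
    }
    return $str;
}

// The inverse needs no key: apply the two inverse operations, five times.
// This is exactly what a leaked USERS dump hands to whoever obtains it.
function decode5t(string $str): string
{
    for ($i = 0; $i < 5; $i++) {
        $decoded = base64_decode(strrev($str), true);
        if ($decoded === false) {
            throw new InvalidArgumentException('not a valid encode5t value');
        }
        $str = $decoded;
    }
    return $str;
}

// Hardened form: a salted, deliberately slow, one-way hash.
// password_hash() generates the salt and selects the algorithm
// (bcrypt under PASSWORD_DEFAULT); the result is safe to store as-is.
function storePassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Verification compares in constant time; the plaintext is never stored.
function checkPassword(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

// Constructed sample row, as it would sit in the submitted SQL dump.
$plain  = 'correct horse battery staple';
$leaked = encode5t($plain);

printf("stored by encode5t : %s\n", $leaked);
printf("recovered from dump: %s\n", decode5t($leaked));

// The same password stored properly: the hash reveals nothing about the
// input, and only a verify call with the right password succeeds.
$hash = storePassword($plain);
printf("password_hash()    : %s\n", $hash);
printf("verify correct     : %s\n", checkPassword($plain, $hash) ? 'true' : 'false');
printf("verify wrong       : %s\n", checkPassword('wrong password', $hash) ? 'true' : 'false');
```

Run it with `php example.php`. The first two lines print the same plaintext in and out, which is the whole review finding in one screen; the hash line changes on every run because password_hash() salts each call, and only the verify call with the original password reports true.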

"Because just one encode-and-reverse wasn't enough," Sean snarked, rolling his eyes, then raised his voice to be heard over the cube wall. "On second thought, Aisha, I'm feeling under the weather myself. Better call the guy and cancel."

And maybe call his previous employer and let them know about the data breach while we're at it, he thought.
