Article 6Q95E CodeSOD: Private Passwords

CodeSOD: Private Passwords

by
Remy Porter
from The Daily WTF on (#6Q95E)

Lisa was working on a project she quite liked. The tech was cool, the problems being solved were interesting, and the team had a good working process. Company-wide, however, budgets were tight, and other projects were in much worse shape, so the project Lisa was on got put on pause, and her team was moved onto a different project.

Someone wanted to make sure that functions which had large side effects were only called in the right places. Now, most of us might use some mixture of public/private, clear documentation, and maybe some key flags and error checking to ensure this was the case.

This team had a... different approach.

// This is called so that Foo will unload all widgets before exiting.// It is currently only called from Form1.Closing(). A password is *required*. If not correct, this function immediately returns.public void UnloadAll(string pwd) { if (pwd == "FOO-> UNLOAD ALL") { ProcessRequest(RequestType.Unload, Environments.All); }}

The caller must supply a password to this method, otherwise it does nothing. I want to stress, this isn't a password we expect the user to type in (having that hard-coded in the application code is a different WTF), but instead is a token that the calling code must supply if they want the function to execute.

This entire project exists in a single .NET Assembly, and the keyword private is never used once.

otter-icon.png [Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!
External Content
Source RSS or Atom Feed
Feed Location http://syndication.thedailywtf.com/TheDailyWtf
Feed Title The Daily WTF
Feed Link http://thedailywtf.com/
Reply 0 comments