Our development team is understaffed and overworked. So what else is new? The requirements team needed some help. I drew the short straw. At this point, I am just going to slip the delivery date for some new stuff I was working on. You can’t keep typing me up in meetings if you want me to get some work done. But this post is about another anomaly here in development.
There was a trouble ticket that when users employ one of our applications to update a record, the UPDATED_BY field was not getting set. Another developer tried to research this problem. He asked me how he would know who is currently logged in doing the update. I told him we store this in our CWinApp MFC derived class. Sure enough there are strings in there for the user name and password.
Later I got a call back from this developer. He said he found the two data members in our class. However there was something screwed up with the values in those members. The user name variable was empty. And the password variable contained the user name. He was so busy that he just hacked in code that used the password variable to set who did the update.
At least he added a comment that this was a hack, and he confessed the wrongdoing to me. I could not fault the guy. We are so overwhelmed that there is no time in the budget to research and resolve side problems we find like this. The bad part is that bugs such as these escalate into further bad code. We got to put a stop to this nonsense at some time in the future. It just can’t be right now because we are in a state of emergency.
Backtrack Linux - Backtrack is a Linux distribution based off Ubuntu. It is used for penetration testing and forensics. The distro was a combination of WHAX and Auditor. It...