A weekend solution, two months later
We’re implementing a new student portal, and as part of the portal we want a true single sign-on: one that works across systems. We’ve brought in a consultant to assist us; I happened to be there today while the consultant was copying a user from our LDAP authentication system to the portal for test purposes.
“That’s strange. Every user seems to have two password hashes.”
“Yeah.”
“The second one seems to always be the same hash.”
“Yeah.”
“That’s scary.”
“Yeah.”
Yes, our weekend backdoor is still active two months later.
In response to “I can’t think of any other way to do it”: There is no system so insecure that a rushed migration can’t make things worse.
I could use a weekend that long.