The "Agile Password" policy?

At this link click on "update events".. pretty prompt? Nice and secure? Now look at the source..

Now that's quality web development!

Here's a screenshot in case it changes..

Comments

Hah! Love the screen shot.

Thankfully the password for emailing the subscribers is MUCH easier to figure out (on the tools page).

LOL, the speed at which the 'wrong password' message returns kinda gives it all away doesn't it? :)
They could at least have introduced a small latency (to pretend it's hitting the server) so it wouldn't be that obvious.

I also like how there's no auth once you're actually on the page.

Daily WTF time? Or is it worthy of hates-software? :)

So... how many events have you added already?

Don't even need to know the "password"? Just google "112crew website tools" and you're in...

http://www.google.com/search?hl=en&q=112crew+website+tools&btnG=Google+Search

First hit is the infamous tools.php...

I always cringe when I see that; really, it scares me.

Unfortunately, I have to concede that the company I used to work for did the same thing. There wasn't anything really sensitive out there but still...

Hah! They changed the "password" in a vain attempt to improve security.

    function editEvents() {
        var getin = prompt("What is the password?","")
        if (getin=="whatsnew")
        {
            alert('You got it! In you go...')
            location.href='http://www.112crew.com/tools.php'
        }
        else
        {
            if (getin=="null")
                alert('That aint it SUCKA...')
            else
            if (getin!="whatsnew")
                alert('That aint it SUCKA..')
        }
    }
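
The two problems raised in the comments above are that the password is compared in the browser and that tools.php itself has no auth. As an added example (not code from the post, the commenters or the site), this Node.js version verifies the password on the server and requires a session for every request to the page. The function names, the in-memory session set and the demo password are assumptions made for the example.

```javascript
// Added example: server-side gate for a tools page (all names are hypothetical).
const crypto = require('node:crypto');

// Store only a salted scrypt hash of the password, never the password itself.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

function makeGate(stored) {
  const sessions = new Set(); // in-memory session tokens (constructed for the demo)

  // Login: the comparison happens on the server, in constant time.
  function login(password) {
    const candidate = crypto.scryptSync(String(password), stored.salt, 32);
    if (!crypto.timingSafeEqual(candidate, stored.hash)) return null;
    const token = crypto.randomBytes(32).toString('hex');
    sessions.add(token);
    return token;
  }

  // Every request for the protected page is checked, not just the link to it.
  function handle(path, token) {
    if (path !== '/tools.php') return { status: 404 };
    if (!token || !sessions.has(token)) return { status: 401 };
    return { status: 200, body: 'tools page' };
  }

  return { login, handle };
}

// Constructed sample data: a demo password and three requests.
const gate = makeGate(hashPassword('constructed-demo-password'));
const token = gate.login('constructed-demo-password');
console.log(gate.handle('/tools.php', undefined).status); // direct URL, no session
console.log(gate.login('whatsnew'));                      // wrong password
console.log(gate.handle('/tools.php', token).status);     // after server-side login
```

Nothing in the page source reveals the password here, and finding the URL through a search engine only gets a 401.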