A Google Sheet used as a password manager that every employee had access to. To keep it “secure” the cells with the passwords were hidden by changing the background color to match the text color.
Holy crap
Lmao. I once had a senior dev put database passwords into documentation, and then was about to email those out to interview candidates with the passwords ‘blacked’ out. I caught it quick enough before it could be sent thankfully.
Yeouch. How long ago was this? It feels like the standards for even junior devs have gone way up.
…but I guess even the C-students must find jobs eventually…?
2024 lol. Maybe senior dev is an overstatement, he was just more senior than me. He also left a database where the main table had one varchar, freetext column that users wrote multiple fields into because it was a ‘simpler user experience’. Was a pain to extract all those fields with regex…
Oh dear…
I don’t even understand how that would get past even the first couple of people using it. I imagine the idea was that they’d copy/paste the value into the password field. But did nobody ever paste the password into somewhere other than a password field and realize, “Hey, I can see this password!”…even accidentally?