

Aw really wholesome actually. Some libraries in my area have senior friendly editing classes, I think it’s becoming more popular. Good looking out for them!




Why do people do stuff like this, is the logic not difficult enough to follow on its own without a secondary definition table to consult!? Fucking hell.


The secrets themselves were basically guids, they had quite a lot of characters. If sent MORE than 1 character, pretty low chance they would clash. But those long guids also covered a lot of letters and numbers - it wasn’t terribly difficult to find one single character that cleared authorization reliably.
And maybe you’re joking lol, but multitenant meaning multiple businesses/customers using the same application stored in the same database. If Bob’s construction wanted to spy on Jim’s contracting, they’d just need to know the right header to send and could get whatever they wanted from the other customer partitions. User access should of course be limited to their own assigned partitions.


I’ve had legacy systems that would encrypt user passwords, but also save the password confirmation field in plain text. There was a multitenant application that would allow front end clients to query across any table for any tenant, if you knew how to change a header. Oh and an API I discovered that would validate using “contains” for a pre-shared secret key. Basically if the secret key was “azh+37ukg”, you could send any single individual character like “z” and it would accept the request.
Shits focked out here, mate.
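The “contains” check described in the two comments above (the single-character bypass and the guid-length secrets) is easy to reproduce and easy to fix. The following is an added example, not code from the thread or from the system being described; the secret value is the one quoted in the comment, reused here as a constructed sample, and the function names are invented for illustration. It puts the flawed substring check beside a full-length constant-time comparison and measures how much of a small alphabet each one accepts, which is the kind of probe a reviewer can run against a pre-shared-key validator without knowing the real key.

```python
import hmac
import string

# Constructed sample secret, taken from the value quoted in the comment above.
SHARED_SECRET = "azh+37ukg"


def legacy_contains_check(provided: str, secret: str = SHARED_SECRET) -> bool:
    """The flawed validator the thread describes: the request is accepted if the
    supplied value is a substring of the secret. Any single character that
    occurs anywhere in the secret therefore passes."""
    return len(provided) > 0 and provided in secret


def secure_check(provided: str, secret: str = SHARED_SECRET) -> bool:
    """Corrected validator: the supplied value must equal the whole secret.
    hmac.compare_digest compares in constant time, so a wrong value cannot be
    distinguished from a nearly-right one by how long the comparison takes."""
    return hmac.compare_digest(provided.encode("utf-8"), secret.encode("utf-8"))


def single_char_acceptance(check, alphabet: str = string.ascii_lowercase + string.digits) -> int:
    """Audit helper (hypothetical name): count how many single-character
    probes from `alphabet` a validator accepts. A correct validator accepts
    zero; a substring validator accepts one per distinct secret character that
    falls inside the alphabet."""
    return sum(1 for ch in alphabet if check(ch))


if __name__ == "__main__":
    for name, check in (("legacy contains", legacy_contains_check), ("full compare", secure_check)):
        print(f"{name}: full secret -> {check(SHARED_SECRET)}, "
              f"'z' -> {check('z')}, single-char probes accepted -> "
              f"{single_char_acceptance(check)}")
```

Note that the substring check also accepts the empty string in many languages unless it is explicitly guarded, which is why the legacy function above carries the length test; the real system in the thread may or may not have had one. The fix is not only the full-length comparison but also rejecting requests before the comparison when the header is missing or malformed.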
BREAKING: Man decides to install Linux.
More details to come.
// Here be dragons // Call Darren before changing // Darren quit 2 years ago good luck // - PJ 2015