I don’t normally cross-post, but this was just too funny.

From TheDailyWTF:

DBA:  Do you want usernames to be unique?
Developer:  Yes

(next day)

DBA: Should passwords be unique as well?
Developer:  No

(later that day)

DBA: Shouldn't we require passwords to be unique?
Developer: No
DBA:  Are you sure?
Developer: <15 minutes of explanation as to why different users are not required to have different passwords, just usernames>

(next day)

DBA:  Your procedure doesn't return a specific error message.
Developer:  It's a security issue, and should only return "Invalid Username/Password Combo."
DBA:  So if they get the username wrong, but the password correct you're not going to display a specific message?

Full text found here.

Comments (8)

  1. Uwe Keim says:

    Yeah, the daily WTF website really rocks! 🙂

    Since I read it, whenever I write some code, I think to myself: "…could this be done better? Or is this even worse enough to be a candidate for thedailywtf.com?…"

  2. SuperBK says:

    Now now, I’ve only worked with a couple of DBAs (at my one stint with a big company), and they were much more competent than that. And Oracle is a pain in the !@#$%#$# database.

  3. Larry: Have you been to the http://www.dba-oracle.com/dress_code.htm link mentioned in the dailywtf.com post?

    I doubt that he would be happy to see one of his consultants wearing the shirt you’re wearing on the channel9 videos! 🙂

    First I thought his site/firm was a joke, but after browsing around on it, it seems like I have to reconsider that…

  4. Peter Torr says:

    I think I’ve passed the point of no return. I read that thing half a dozen times trying to figure out what was funny about it before eventually giving up. Seems like a perfectly reasonable response for a non-security person to have…

    Or maybe I’m just having a bad day 🙁

  5. Peter,

    To me, the thing that makes it funny is that the DBA in question misunderstood the difference between data and its use. He assumed that usernames and passwords were nothing more than two string columns in a database, without understanding the semantics behind them.

    But IMHO, laying out data in a table without an understanding of the underlying semantics of that data is folly.

    And Andreas, I’m quite happy I don’t work in a customer-facing unit. Btw, the shirts (and I’ve got many of them) come from http://www.smartscrubs.com – they’re hospital scrubs, with really cool patterns (Valorie’s got a "when pigs fly" one), and they wear like iron.

  6. Peter Torr says:

    Actually, on reflection I think the funniest thing was that the DBA only managed to define one column per day 🙂

    Plus I think I was having a bad day (and I feel sorry for people who don’t understand security…)

