I'm off digging my bunker. Thanks for the heads up.
GCS d--(d+) s-/++ a C++++ U+++ P- L+@ E-- W++ N+ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t+ 5? X R+++ tv-- b+(+++) DI+++ D++ G e++ h--- r+++ y+++* Weapons extension: ma- k++ F+2 X
|
Is this a VoIP provider?
A very popular UK VoIP provider does not allow users to change their own passwords since, according to its help files, (a) the same password is used both for the management web UI and the actual VoIP SIP login, and (b) it would therefore create an excessive support burden if users could change their own passwords.
No, I'm not going to say who this is.
|
No, it is a very niche product. I started to type up what they do but realized that just describing it would be enough to identify the company combined with the knowledge they are the leader in their chosen space.
|
RJOberg wrote: it is the leader in their market
Is it a market where IT is considered a necessary evil and afterthought?
That's the case for the business where I'm in and what you see is that pretty much everyone is using outdated technologies (most still have applications running in VB6 and dBase; barely anyone has web applications; on-premises .NET WinForms and SQL Server < 2013 is the most advanced you'll find; for data interchange sometimes SOAP, but more often CSV).
They simply don't care if it's good or not as long as it doesn't cost too much.
|
Sander Rossel wrote: Is it a market where IT is considered a necessary evil and afterthought?
I think it is because they are such a niche product. When you look at similar but slightly less focused solutions the options become much more current in their IT technology choices.
If I were to venture a guess, it is because they don't have the same level of competition so they don't have to be the best and smoothest operator. When Chrome/Firefox started disabling Flash by default a few years back, their solution wasn't to update. Instead their support suggested we use IE11 instead because that didn't disable Flash (at that time, not sure now).
|
On the plus side, at least they want it replaced.
You may find (though given the other shortcomings it seems unlikely) that "impersonating" is not quite the same as logging in with another user's credentials. I've written apps where admin can impersonate another user (in order to see exactly what the user is seeing, but optionally without the option to update anything) but the login logs it as impersonation, and by whom, so at least that session is auditable.
|
DerekTP123 wrote: You may find (though given the other shortcomings it seems unlikely) that "impersonating" is not quite the same as logging in with another user's credentials
They were pretty much the same though.
Under GDPR I doubt such a thing is legal.
Maybe it is in this system, since the customer is already known and can only download their own data that's coming from the business, but I've seen this option in a system with highly sensitive information like where someone was at what time.
|
Implement a mandatory 24-character password that has to include exactly four upper-case characters, exactly seven numerical characters, and all the rest accented characters.
Include mandatory password changes every three days.
After three weeks, when the two admins who've managed to log in for three days in a row have rapidly implemented some real security, go back to 8 any-old-chars with no password-change limit.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Or I did what my last job did, simply tell them their password is not secure, but don't tell them why.
I had 12 characters, upper and lower case, two numbers and two special characters, but the system deemed it insecure and the only way I could get my password to work was by going to a sysadmin and entering it directly in AD.
|
Well, this is the most simple... unless the client can pay you big for rewriting the security module of the web application...
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
An acquaintance of mine, whose IQ barely reaches 2 digits and whose attention span is lower th oooh, shiny, is taking a 3-month course in Web Development. She has trouble using her smartphone and comes from a failed literature and a failed arts background...
|
den2k88 wrote: comes from a failed literature and a failed arts background
We all know literature and arts are way more complicated than programming (actually, that's my background too, although not failed)
|
I was upgrading a client website very similar to that. But they also had the concept of "business units" within a Company, each of which would define different features and options. If you were a user that needed to work in different business units, you had to use a separate login for each!
|
Wow, this application has the same thing!
Some people have around ten accounts, and it's only one account per business unit.
Also makes you wonder why the business accepted this (and why customers aren't complaining)...
|
They had a fellow fresh out of school develop the site, with no real world experience. It's one thing to know the language elements, but quite another to come up with a realistic architecture - taking the time to think through what would be the best experience for the user.
I replaced the whole mess with ASP.NET Identity, and basically applied a union to the various permissions he had from the various business units. The biggest challenge I had was a migration strategy to move the old accounts into the new system.
|
Add a requirement to Stack Overflow questions, or create a separate exchange, which requires unit tests included with answers. Why - so it can be learned by a broader group of people.
|
There is so much wrong here I don't know where to start....
|
You're right, but since you did not include a unit test with your answer, it will not be accepted.
|
Lewis Carroll: "Begin at the beginning," the King said, very gravely, "and go on till you come to the end: then stop."
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
I'd suggest you suggest that over at SO - you'll get more abuse for your suggestion there than you will here.
We're the nice guys.
|
Not acceptable - is an opinion question with no definitive answer, so not allowed on SO.
|
That's partly why you'll get more abuse ...
|
Probably one for Stack Exchange Meta, but if we must discuss it here - take it to The Weird & The Wonderful, it's way too surreal for the Lounge!
Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain
|
Only CCC is too surreal for the Lounge...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012