|
We just took over management/design of a web based application for a new customer of ours. This application theoretically is written in .NET, but upon closer examination, it was discovered that it had a rather unusual way of connecting to the database, in this case Microsoft SQL Server.
Are you ready for this? Here goes. In order to connect to the database every ASP page calls a dll that was written using .NET. What does this .NET dll do? Good question. The answer of course is that it provides a wrapper for a VB6 dll. Thats right ASP calls a .NET dll that calls a VB6 dll (honestly I did not know that was even possible!). Feeling queasy yet? It gets better, because it was in the VB6 dll that the true horror awaits. The connection was hard coded! The database server MUST have a specific computer name. You get a new database server? Make sure its named the same otherwise the application wont work! Even better was that the application ALWAYS connects using the sa account. Yup, why bother creating another user when SQL Server comes with the sa account by default! Screw best practices! To top off this piece of crap the sa account password is hard coded in as well. Can you guess the password? That's right! The hard coded password is ...... 'password'!!
Needless to say, I understand why the original developers are getting out of programming (if you can even call them developers).
:puke:
|
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
