So, that's how you deal with unique keys ...
-
I'm a consultant, my laptop belongs to my employer but I work at the client's place.The client asked I bring my own laptop as their maintenance costs per laptop are shockingly high.
As I'm not using a "certified" laptop, I have to use a specific wired network (because "security"). Problem is, I need to connect to a remote desktop, which is not allowed (because "security") and they won't allow me to do so (because ... ). So we found a workaround : there's a guest wifi available, which allows remote desktop connection.
In order to use it, I need to create a guest account using an intranet web page. Pretty straightforward : enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name... The first time. These credentials are only valid for 24 hours. If, say, your client stays for 2 or 3 days, you have to create a new access every day for the same person (or someone you would have the same credentials). This time (and the followings), some random numbers (<100) apprear at the end of the original credentials.
I've been using this workaround for quite a time now and ...Yes, I've used some "logins". So what happens when I ask for one ant the generated one already exists ? I get a "This login already exists" javascript alert. Aaaand that's about it. I need to resend the form as many times as needed for the server to generate a login that will not be a duplicated one (even if it's outdated, of course).
I hope we'll find a new workaround as I'm using this one for almost 3 months ...
-
You can tell they're not really security experts because your "workaround" didn't get classified as a "security breach".
@setasensei said:
some random numbers (<100)
I presume this means "one random number less than 100", rather than "less than 100 random numbers". In which case why aren't you locked out of the system entirely after more than 99 days?
-
@Snowyowl said:
In which case why aren't you locked out of the system entirely after more than 99 days?
I think he will be. That's why he said he hopes they find a new workaround soon, as he's been there for 3 months already.
-
@setasensei said:
I hope we'll find a new workaround as I'm using this one for almost 3 months ...
Just VPN-tunnel out ? I can't imagine they block port 443 on any network, that won't work very well for them (ok ok, i can imagine that happening).
-
Modify the javascript client side?
-
There's always the option of connecting to a commercial ISP WiFi/cell network and you can go anywhere on the Internet. With the right credentials you might even be able to get from the Internet into the client's network, but that doesn't sound like it would satisfy their peranoia. Ahah! Bring two machines, one for the global Internet and one for the client's LAN, and cable/wifi them together. Oh won't they freak!
-
@Sutherlands said:
Modify the javascript client side?
I tried to mess with the javascript, but apparently they get the random number server side. There's almost nothing on the original form.
The commercial ISP was the first solution we used (i've been working here for quite a time, now), we set it up and hid it as much as we could. We used a VPN to connect to the source controller But they figured out we were using an "unsafe" network (worse : we used a wireless router they never heard about) and cut it. All the consultants had to work from their home for a few days before they could find a solution (the special network).
-
@setasensei said:
@Sutherlands said:
Modify the javascript client side?
I tried to mess with the javascript, but apparently they get the random number server side. There's almost nothing on the original form.
The commercial ISP was the first solution we used (i've been working here for quite a time, now), we set it up and hid it as much as we could. We used a VPN to connect to the source controller But they figured out we were using an "unsafe" network (worse : we used a wireless router they never heard about) and cut it. All the consultants had to work from their home for a few days before they could find a solution (the special network).
Please sir, I am having contest assignment that involves random numberz and needing to get good random numbers from remote server. Can u send me teh codez?
I am much hoping to win the grand prize, and will share the coffee cup with you if you can help me!
-
I hate to break it to you, but these kinds of workarounds are the reason so many companies have messed up IT processes. You're trying to engineer around a business problem because technical fixes are politically cheap. The fact is, your client has given you multiple sets of incompatible requirements, and you need to harmonize them, rather than trying to get by on technicalities until you can't do anything.
The fix for this involves three perspectives - the side that hired you to do work, the side that asked you to use a non-client-managed machine, and the side that won't allow you to do your work using a non-client-managed machine. Get representatives of those three positions in a room together, and have them figure out a solution. At this point, you're going to have some explaining to do about how you've been able to work for three months and why this is becoming a problem - ideally this get-together should have taken place your first week there.
Realistically, the ultimate solution is likely to be that your client either issues you a laptop or kicks you out for "breaching their security".
-
@Snowyowl said:
You can tell they're not really security experts because your "workaround" didn't get classified as a "security breach".
@setasensei said:
some random numbers (<100)
I presume this means "one random number less than 100", rather than "less than 100 random numbers". In which case why aren't you locked out of the system entirely after more than 99 days?
Maybe he doesn't work weekends.
-
@Kaligraphic said:
I hate to break it to you, but these kinds of workarounds are the reason so many companies have messed up IT processes. You're trying to engineer around a business problem because technical fixes are politically cheap. The fact is, your client has given you multiple sets of incompatible requirements, and you need to harmonize them, rather than trying to get by on technicalities until you can't do anything.
The fix for this involves three perspectives - the side that hired you to do work, the side that asked you to use a non-client-managed machine, and the side that won't allow you to do your work using a non-client-managed machine. Get representatives of those three positions in a room together, and have them figure out a solution. At this point, you're going to have some explaining to do about how you've been able to work for three months and why this is becoming a problem - ideally this get-together should have taken place your first week there.
Realistically, the ultimate solution is likely to be that your client either issues you a laptop or kicks you out for "breaching their security".
Your point might be valid. But, as often, politics and egos play a huge part in my current problem.
Even with a corporate laptop (or workstation, mind you), I cannot access remote desktop (just-because-don't-ask). No one can (except one guy, but my guess is he's using the exact same workaround I am). As I said we had a commercial ISP connection at the beginning and didn't bother about the "can I access a remote server ?" because we could.
This project's history is a huge mess. I'll try to be short :
I'm working for a former non-tech company. The guys that deal with the network, hardware and stuff set up everything with that in mind (i.e Just block everything that's not on port 80 or 8080 and contains some words like "hack", "games", ...). That was a few years ago.
My team grew faster and faster as IT became important for their business.Apparently too fast for the network and hardware guys. They started asking a lot of things (like : opening ftp ports, setting up IIS web server, ...). I guess it went too fast, they freaked out and blocked the process. I let you guess what happened next.
Now, relationships are a "little" tense with them. And as I've often seen here, these guys have the power to block everything and don't hesitate to use it (wether it's legit or not is not the point, here).
We don't have any web integration server. In fact, we just have a production web server, we are not allowed to have more. Not that they don't want to, but the price is too high : around 50 to 100 times more expensive than just renting a random web server. So, we rented one, knowing they would be angry if they knew it, I admit it.
Oh and they cannot kick me for breaching security, the workaround comes from one of their guys. We just asked to have access to both remonte connection and source control from one connection (even if it involves using vpn), he refused, saying that we just have to switch between the two. I wasn't aware of that login limitation thing by that time.
-
@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
-
@RonBeck62 said:
@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
How have you managed to only find 17 things worth replying to in 9 years?
-
@Ben L. said:
@RonBeck62 said:
I know math is hard while you're in high-school, but...@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
How have you managed to only find 17 things worth replying to in 9 years?
-
@Sutherlands said:
@Ben L. said:
How have you managed to only find 17 things worth replying to in 9 years?
I know math is hard while you're in high-school, but...Once you get to college you can talk an instructor out of a Mathematica license.
-
@MiffTheFox said:
@Sutherlands said:
@Ben L. said:
How have you managed to only find 17 things worth replying to in 9 years?
I know math is hard while you're in high-school, but...Once you get to college you can talk an instructor out of a Mathematica license.
And the shame of having blown a professor for said license won't last long.
-
@drurowin said:
@MiffTheFox said:
@Sutherlands said:
@Ben L. said:
How have you managed to only find 17 things worth replying to in 9 years?
I know math is hard while you're in high-school, but...Once you get to college you can talk an instructor out of a Mathematica license.
And the shame of having blown a professor for said license won't last long.
Until you open the box and discover it's just filled with old Lyndon LaRouche pamphlets and shredded newspaper.
-
@morbiuswilters said:
@drurowin said:
@MiffTheFox said:
@Sutherlands said:
@Ben L. said:
How have you managed to only find 17 things worth replying to in 9 years?
I know math is hard while you're in high-school, but...Once you get to college you can talk an instructor out of a Mathematica license.
And the shame of having blown a professor for said license won't last long.
Until you open the box and discover it's just filled with old Lyndon LaRouche pamphlets and shredded newspaper.
Well, from reading Ben's posts here, he'd probably blow the professor just for the satisfaction of having done it.
-
@drurowin said:
Well, from reading Ben's posts here, he'd probably blow the professor just for the satisfaction of having done it.
I don't think Ben's gay, he's just really, really, really committed to producing a high-quality blowjob.
-
@Sutherlands said:
@Ben L. said:
@RonBeck62 said:
I know math is hard while you're in high-school, but...@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
How have you managed to only find 17 things worth replying to in 9 years?
TDWTF started in 2004. It is currently 2013.
-
@Ben L. said:
@Sutherlands said:
@Ben L. said:
@RonBeck62 said:
I know math is hard while you're in high-school, but...@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
How have you managed to only find 17 things worth replying to in 9 years?
TDWTF started in 2004. It is currently 2013.
Yes, but the user in question joined in 2006. Put down the hash pipe and open your remaining eye.
-
@drurowin said:
@Ben L. said:
@Sutherlands said:
@Ben L. said:
@RonBeck62 said:
I know math is hard while you're in high-school, but...@setasensei said:
... enter your AD credentials to access the page, then fill in infos such as name, last name, company, ... And you get a login made from you name's first letter and name...
What's stopping you from using your middle name, or any other name, for the next 90 days?
How have you managed to only find 17 things worth replying to in 9 years?
TDWTF started in 2004. It is currently 2013.
Yes, but the user in question joined in 2006. Put down the hash pipe and open your remaining eye.
#|
-
-
Wow, it's true what they say about the British...
-
@Ben L. said:
Wow, it's true what they say about the British...
That we're amazingly awesome?
-
@drurowin said:
@Ben L. said:
Wow, it's true what they say about the British...
That we're amazingly awesome?See, I can't hear your accent, so I'm not fooled into thinking you're sentient.
-
@drurowin said:
No, that's not "number one", that was "hash pipe". Please pay attention.@Ben L. said:
You're #1 at what? #2?#|
-
@PJH said:
@drurowin said:
No, that's not "number one", that was "hash pipe". Please pay attention.@Ben L. said:
You're #1 at what? #2?#|
It's "octothorpe unbroken bar".
-
@Ben L. said:
Wow, it's true what they say about the British...
Wow, you're dense. He's clearly from हैदराबाद. Says so right there under his picture.
-
I used to hang out at octothorpe unbroken bar back in college. It's too rowdy for my tastes nowadays...
-
@Sutherlands said:
@Ben L. said:
Wow, it's true what they say about the British...
Wow, you're dense. He's clearly from हैदराबाद. Says so right there under his picture.You mean Hyderabad, India isn't in the UK?
-
-
