Yet another "at least it has a password" WTF



  • So I'm spelunking around some old, probably abandoned, directories on the servers, looking for snippets of Javascript that I might be able to use (I was actually looking for already-installed libraries so that I wouldn't have to get permission to download and install them myself ... a process which can exceed ... well the heat death of the universe is the outside limit, I believe ... anyhow ...)

    I used the UNIX find command to seek out anything that ended with ".js" and stumbled upon "password.js" ... oddly, copied to several directories. So I open it ...

    //
    // filename: password.js
    // purpose : protect [redacted]<PROJECT> archive files from
    //           global access without permission
    // author  : [redacted]<REDACTED>
    // date    : 200706131423
    //
    var password=' ';
    var keyword='hunter2';  // [note; not the real password]
    password=prompt('Please enter your password:',' ');
    if (password==keyword) {
      alert("good");
    }
    else
    {
      alert("bad");
      location.href="<url of project page>";
    }
    


  • HOLY CRAP! Now I've stumbled upon a major organization's web page who requires ... no, not Javascript ... no, not ActiveX ... no, not even Flash ... no, it requires the Java JRE Plugin for its menu system to work.  /facepalm



  • TRWTF is using double instead of triple equals in Javascript.



  • @zelmak said:

    HOLY CRAP! Now I've stumbled upon a major organization's web page who requires ... no, not Javascript ... no, not ActiveX ... no, not even Flash ... no, it requires the Java JRE Plugin for its menu system to work.  /facepalm



    In Denmark our collective identification system Nem ID ( Easy ID) requires java. This of course means that i't won't work on many mobile platforms, but not to worry, they are only 3 years late with a solution that'll work on all mobile devices...

    My bank has solved this by wrapping nemID/banking in an android application, which surprisingly works quite well. Tho it'll only auth you with nemid when you are making a transaction. This means that if anyone sees my 4 digit (no letters allowed) app-pin they'll be able to see all my stock/accounts/expenses etc. This is made worse by the fact that maybe 80% of the country used their cprnr (roughly equivalent to SSN, except the format is DDMMYY-1234, also confidential) as USERNAME. I must admit i did this too, it was encouraged to do so on the signup page, and i stupidly assumed that since they encouraged that, the username would be secret. It isn't.



  • That's amazing! 'hunter2' is not my real password either!



  • @aKatechis said:

    TRWTF is using double instead of triple equals in Javascript.
     

    TRWTF is languages with several equality operators. (Yeah, that includes Prolog.)

    No, wait. The real real WTF is C-like languages where the "==" operator won't return what you expect. (Ok, now it doesn't include Prolog, but it does include Java.)


  • BINNED

    @aKatechis said:

    TRWTF is using double instead of triple equals in Javascript.
     

    I always go for quadruple equals for total equality.

    @Mcoder said:

    TRWTF is languages with several equality operators. (Yeah, that includes Prolog.)

     

    But Prolog has by design more complicated reasoning for this, so I wouldn't count it in.

     



  • @RichP said:

    That's amazing! 'hunter2' is not my real password either!

    What do you mean? All I see are stars.



  • Using a Java applet for site navigation menus was actually semi-common back in the Paleolithic days of the web.  I started one job at a major media company just as they were phasing theirs out in favor of a new and fangled "DHTML" solution.


  • Trolleybus Mechanic

    @topspin said:

    @aKatechis said:
    TRWTF is using double instead of triple equals in Javascript.
     

    I always go for quadruple equals for total equality.

     

    Fuck everything, we're doing FIVE equals.

     



  • @Lorne Kates said:

    @topspin said:

    @aKatechis said:
    TRWTF is using double instead of triple equals in Javascript.
     

    I always go for quadruple equals for total equality.

     

    Fuck everything, we're doing FIVE equals.

     

    8===============================3 // false



  • @Ben L. said:

    @Lorne Kates said:

    @topspin said:

    @aKatechis said:
    TRWTF is using double instead of triple equals in Javascript.
     

    I always go for quadruple equals for total equality.

     

    Fuck everything, we're doing FIVE equals.

     

    8===============================3 // false

    8===============================D~~ // true



  • @flabdablet said:

    @Ben L. said:
    @Lorne Kates said:

    @topspin said:

    @aKatechis said:
    TRWTF is using double instead of triple equals in Javascript.
     

    I always go for quadruple equals for total equality.

     

    Fuck everything, we're doing FIVE equals.

     

    8===============================3 // false

    8===============================D~~ // true

    8=D // but you swore to me you were just on your period!


Log in to reply