Comment by NewJazz
Comment by NewJazz 10 months ago
> At the end of the day this is an amateur mistake
God I wish. More than one of my coworkers has made this exact mistake with our (thankfully internal) front-end apps.
Coworker implies paid work, and therefore they are not amateurs. They very well may make the same mistakes, but those mistakes would be professional mistakes.
For some added pedantry: aren't all the mistakes that a professional might make also ones an amateur would make?
In fact, it seems like an amateur is likely to run into all mistakes more often, thereby making all mistakes amateur mistakes; unless there is some class of mistake that amateurs are better at avoiding?
If it's internal, did they really need to have auth?
YES!!! You need auth to prevent employees from looking up sensitive user data without a good reason, or it'll be a stalker's haven. And to prevent possible intruders from gaining more data/access. Defense in depth. And for preventing an experiment from wiping user data. And for so many other reasons!
The term of art is "Friendly fraud".
A significant amount of product stolen from retail stores actually goes out the back door.
> If it's internal, did they really need to have auth?
Nothing on a network is truly internal. The moment you break the physical link between metal and man you're in an unintuitive, and thus insecure, state.
I guess we're not always professionals at all the work that we do, if that makes sense.