CodeSOD: A Secure Item

This post was originally published on this site

The Daily WTF

Kirill writes:

I’ve worked in this small company for a year, and on a daily basis I’ve come across things that make my eyes sink back into their sockets in fear, but mostly I’ve been too busy fixing them to post anything. It being my last day, however, here’s a classic.

We’ll take this one in parts. First, every element of the UI the user can navigate to is marked with an enum, defined thus:

enum UiItem { SectionA, SectionB, SectionC, … SectionG }

These names are not anonymized, so already I hate it. But it’s the next enum that starts my skin crawling:

enum SecurityUiItem { SectionA = UiItem.SectionA, SectionB = UiItem.SectionB, … SectionG = UiItem.SectionG }

A SecurityUiItem is a different type, but the values are identical to UiItem.

These enums are used when trying to evaluate role-based permissions for access, and that code looks like
