Sysadmin fail

The last job I was with really did some weird things; they loved to store all of their clients' usernames and passwords in a Microsoft Excel spreadsheet. I will let you take a moment to catch yourself, because I was stunned by how stupid this idea was and why they even went through with this. Now this is a company that has 100+ users; some are onsite, others work from remote locations, so when a ticket came in to create a new username and password I would pray that the file was not currently open on another technician's computer. Not only could we not write to the file if it was already open, but what if someone was sniffing the network, used ARP poisoning, and saw this file?

I know there are pros and cons to everything, but I asked the sysadmin if he would be interested in letting me take this project and make a simple MySQL database out of the information on the spreadsheet. My train of thought in creating a MySQL database was that it would not have cost us a dime for the software and we already had the hardware to run this locally; plus, this would allow other techs to use any computer that has a web browser and enter information without having to worry whether the spreadsheet file was still open.

Like I said before, there are pros and cons to everything. The cons to a MySQL database would be that you have to worry about traffic that is not encrypted, because the $_POST information is seen in plain text and can be picked up by a packet sniffer, but you can always set up HTTPS to help with this issue. Another issue would be if somehow someone got access to the actual database itself, but like anything you need to set up users and privileges for the database.

Long story short, they are going to have a lot of fun when more users are created and only one person can edit the file at a time. And of course I would never set up a user's password in plain text inside a database either; there are ways to hash the password to keep it from being seen by other users.
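
The three mitigations mentioned above (HTTPS for the `$_POST` data, a database account with limited privileges, and hashed passwords) can be sketched together in PHP. This is an added example, not code from the original post: the `helpdesk` database, `clients` table, `ticket_app` account and `TICKET_APP_DB_PASS` variable are hypothetical names, and the CLI branch uses an in-memory SQLite table with constructed data in place of MySQL.

```php
<?php
declare(strict_types=1);

// Hypothetical MySQL account limited to what the form needs (run once as an admin):
//   GRANT SELECT, INSERT ON helpdesk.clients TO 'ticket_app'@'localhost';

function isHttps(array $server): bool
{
    // PHP sets HTTPS to a non-empty value other than "off" on TLS requests.
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

function createUser(PDO $db, string $username, string $password): void
{
    if (!preg_match('/^[A-Za-z0-9._-]{3,64}$/', $username) || strlen($password) < 12) {
        throw new InvalidArgumentException('invalid username or password too short');
    }
    // Salted, slow hash; the plain-text password never reaches the table.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Prepared statement: form input is bound as data, never spliced into SQL.
    $stmt = $db->prepare('INSERT INTO clients (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkPassword(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM clients WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

if (PHP_SAPI === 'cli') {
    // Offline demo with constructed data; SQLite stands in for MySQL here.
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE clients (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    createUser($db, 'jdoe', 'constructed-sample-pw');
    var_dump(checkPassword($db, 'jdoe', 'constructed-sample-pw'));
    var_dump(checkPassword($db, 'jdoe', 'wrong-password'));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!isHttps($_SERVER)) {          // refuse credentials sent over plain HTTP
        http_response_code(400);
        exit('HTTPS required');
    }
    $db = new PDO('mysql:host=localhost;dbname=helpdesk;charset=utf8mb4', 'ticket_app',
        (string) getenv('TICKET_APP_DB_PASS'), [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    createUser($db, (string) filter_input(INPUT_POST, 'username'),
        (string) filter_input(INPUT_POST, 'password'));
    echo 'created';
}
```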
