mathemagicio.us » Security http://mathemagicio.us Ramblings and musings about math, science and truth Wed, 14 Oct 2009 01:02:47 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 This physically pains me http://mathemagicio.us/2009/05/21/this-physically-pains-me/ http://mathemagicio.us/2009/05/21/this-physically-pains-me/#comments Fri, 22 May 2009 03:58:23 +0000 Mark Przepiora http://mathemagicio.us/?p=436 Here’s a real excerpt (slightly modified to protect the stupid, and now fixed) from a web app I inherited. GRAAAAAAAARGH!

def encrypt_password
  ...
  self.salt = md5("#{Time.now.to_s}-#{login}")
  ...
end
 
def generate_confirm_hash
  ...
  self.confirm_hash = md5("#{Time.now.to_s}-#{email}")
  ..
end

Pro-tip for hiring managers: ask candidates to identify problems in the above code, and smack any who fail to do so.

]]> http://mathemagicio.us/2009/05/21/this-physically-pains-me/feed/ 0