This week's PHP code mistake
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
I wrote a recursive function that looped forever and got
- No output
- Opcode error (PHP internals buggered)
- Illegal operation crashes when I tried to debug it and all different places in my code
Weirdan wrote: Banks are always fun to hear about
My time in one was a disaster. I always imagined that financials would be the 'best' place.. you know, a place where the only business is shifting billions of pounds around the market.. everyone is there solely to deal with money and vast quantities of it.. you'd imagine security would be paramount, that they would all be 'cutting edge' as far as technologies used would go. In other words, you'd have thought working at a trading-bank would be the mecca of IT environments.
What a shock it was to see some of the worst infrastructure I have ever heard of, let alone seen with my own eyes and I read all the "omg look how badly this is implemented" sites.
Absolute nightmare.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
That poor bastard.
Jenk wrote: or use a text editor that does it for you.
re: omitting WHERE on DELETE.. I know someone who worked for a bank supporting their transactions database. They received a call to remove a 'corrupt' record..
they entered: DELETE FROM `transactions`;
the bank had to freeze for 24 hours until the backup arrived and was updated to include all the transactions from the day that was lost.
Bye bye job and hello Sarbanes&Oxley auditors having a field day!
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
MarK (CZ) wrote: Who are those?
http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
A somewhat recent act that basically fixed a large set of loopholes that companies would sometimes use to reward their executives, also known as cooking the books. There's a "witchhunt" on in the Silicon Valley (San Francisco bay area, for those at home) right now where the government, among others, are digging through financials of companies looking for wrongdoings such as backdating corporate options for executives and such. It's brutal, but needs to be done.
I work for a very large corporation and Sox compliance is a bitch. I've had to provide documentation a few times during internal audits.
feyd wrote:
MarK (CZ) wrote: Who are those?
http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
A somewhat recent act that basically fixed a large set of loopholes that companies would sometimes use to reward their executives, also known as cooking the books. There's a "witchhunt" on in the Silicon Valley (San Francisco bay area, for those at home) right now where the government, among others, are digging through financials of companies looking for wrongdoings such as backdating corporate options for executives and such. It's brutal, but needs to be done.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
For us mere mortals at the bottom of the food chain, sarbanes&oxley has done more than just weed out those skimming money off the top. We have had drastically increased security audits (and measures) that must take place.
One of the most problematic is the use of administrator accounts (root on *nix) - i.e. it is absolutely prohibited. Installing some server apps is fun when the vendor's distributed install package spits its dummy when you don't use root.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
We've had that for years anyway as normal company policy, it might even be an ISO thing.
I've heard some ludicrous, but not entirely believable stories from friends in the industry.. one being a DBA at a bank (same one the other friend was sacked for deleting the entire table..) he claims every DBA has to have 3 accounts for every server they use.. one for read only, one for read + write and one for read + execute.. he says the logic is you log in with the read account to examine and plan, log in with write to make the change, then of course log in with execute to.. execute.
He also says direct SQL commands are banned and you must create a stored procedure for any SQL you want to run.. even if it's just 'select count(*) from table'
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Everah wrote: Dude, our recent SarbOx nitpick is a companywide mandatory screensaver after 10 minutes of inactivity. Your system automatically locks you out and requires you to log back in again. I guess this is to prevent unwanted folks from peering into your potential non-compliant files or something.
Add a DNA test, retinal scan and urine analysis then sign me up for two please.
I can understand the need to lock the screensaver, although it may be more secure to make it a biometric login or smart-carded... if you guys have that sensitive of data floating around.
That reminds me of the Visa cage(s) at, -- damn, I can't remember the name of the datacenter..
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
The funny thing is that the information on our personal machines isn't that sensitive. The information in the mainframes is pretty critical, but the stuff on our machines is just not that intense. Oh well, I guess it was bound to happen. Either through policy or legislation, but it was going to happen.
feyd wrote:
Everah wrote: Dude, our recent SarbOx nitpick is a companywide mandatory screensaver after 10 minutes of inactivity. Your system automatically locks you out and requires you to log back in again. I guess this is to prevent unwanted folks from peering into your potential non-compliant files or something.
Add a DNA test, retinal scan and urine analysis then sign me up for two please.
I can understand the need to lock the screensaver, although it may be more secure to make it a biometric login or smart-carded... if you guys have that sensitive of data floating around.
That reminds me of the Visa cage(s) at, -- damn, I can't remember the name of the datacenter..
4 to go Feyd. I am freaking full of butterflies and I don't know why.