[techtalk] Slightly OT: My dopey sysadmin strikes again!

JamesA.Sutherland JamesA.Sutherland
Wed Apr 4 21:53:12 EST 2001


On Wed, 04 Apr 2001 15:09:24 -0400, you wrote:

><rant>
>We have a web based homework assignment doo hickey.
>
>He has started giving me names of teachers who to participate in it and starts giving me the teachers names and the password HE wants.  And they are absolutely retarded.  If the user's name is Joe Smith, he puts the password down as "joes" or if the user's name is Mary Turnkey "maryt". =O

Gagh! The idiot! When I had to create user accounts at my old school,
I used the user's date of birth as their password (since you should
know your own and that was already in the student database).

The biggest drawback of course is that you would tend to know a few
other dates of birth too, but that wasn't a huge problem; you had to
change your password on your first logon anyway. These days, I can
only remember the DOB of five other users, and we've all left now
anyway :-)

>We are a hack waiting to happen :|
>
>At least it isn't actual accounts on the server, just access to one page via PHP/MySQL, but I can imagine the porn popups now when some elementary school kid goes to click on their homework.
>
>We don't even md5 the passwords, since the teachers are rather forgetful and we like to be able to look up their passwords via the console.  sigh :(

Oh dear...


James.




More information about the Techtalk mailing list