
Hehe. Less than 8 years ago I asked for help to add a column in a database at a company I helped. This was a few days after they met me for the first time.

The company solved this by giving me a root username and password that worked on every single important database in the company, at least every customer database.

I had to beg them to create a somewhat restricted account.

The same company was, however, deeply sceptical of all kinds of remote work. The security equivalent of penny wise, pound foolish I guess :-]




At a previous job they refused to give me database access and instead insisted I ask them whenever I needed any columns added/altered. However, I did have access to the code to do my job and... MySQL root credentials were committed to the repo.

To keep the charade up I sent one of every 20 requests to them to do for me.


With root access I suppose you could have created a restricted account yourself!


I end up doing something like that whenever I’m granted root. I create a limited account, then delete the root or, if it’s shared, ask that the password be changed.


I laughed so much at this


It's more than an absurdity, you have to do that to protect yourself from embarrassing mistakes. It prevents you from accidentally deleting or modifying the system in a difficult-to-restore way. If that happens, any security issue that existed becomes purely abstract and academic.


At one of my past jobs there was a fingerprint reader system at the entrance to the office. Almost 6 years later, I was still able to enter the office with my fingerprint.


At one of my past jobs there was a fingerprint reader system to enter the office. It didn't work reliably to recognise fingerprints of employees, so after a while people settled on the solution of having a large brick next to the door which was used to wedge the door open during the daytime after the first person managed to get the door open in the morning.


I get this same thing with being invited to an Azure instance. Years later I still have full access.


Skepticism regarding remote work often comes from the fact that a company is not sure whether the employees work like they should (especially for larger companies).

If they slack off, at least they do it in the office and not freely at home (imagine the possibilities!)


This feels awfully familiar. My current company uses the same generic username-password combination for every server.

But we aren't allowed internet access on our workstations because "security"



