Thursday, March 22, 2007

A Different Type of Web Security

Or an inadvertent security measure.

We have a mission-critical system that every project has to access before it can ship. No project is complete until this system has been updated.

It is a web-based system. You can do all the work you need to do in a browser.

But only if you have the right browser.

IE is not the right browser. Firefox won't work either. Opera? Forget about it. And don't even bring up Safari.

No, you need Netscape to use the system. A specific version of Netscape. A nine-year-old version of Netscape.

Unless you have that version, the application will not display correctly, your inputs will not be accepted, and you will get errors every time you try to go through the prescribed process required for each project.

It is a rite of passage at our company that every new manager finishing up his first project must learn this the hard way. The browser requirement is not documented anywhere. That information is part of what I call "the great oral tradition" of our company, where the way things really work is only transmitted by the elders around the campfire, and only when they deem you ready.

So a new manager will be pointed at this application, told to follow the instructions in the ISO-compliant document, and sent on his merry way.

A merry way to frustration and despair.

The application will appear to work in IE or any other browser, but key elements will be missing from the page. The new manager will be sure that he just isn't reading the document right. He will try to enter the data in the fields that have the right name, some of which seem to be missing. He will try to submit that data only to get an unhelpful error stating that data from a field he does not see is incorrect.

Eventually the new manager will break down and cry out for help. Impatient weenies like myself do it right away. But other more stoic types will labor on trying to make the instructions work with the application they see. The pain can last for days in that situation.

Eventually the manager will end up on the phone with somebody who has been indoctrinated into the secrets of the application. That person will send the manager to the special location on the network where this special version of Netscape is kept.

Eventually the manager's eyes will be opened. The application will work. All will be right with the world.

Thus the process to ship a project at our company is completely secure. No outsider could possibly do it.

At least that is what I tell myself. It is a much better answer than the one a new manager will get from IT should he call them to complain about the application.

It seems that the guy who wrote it years ago was an ardent Netscape supporter. Only he does not work here any more. He hasn't for years. But the application works and IT, in a seeming reversal of their standard policy, is not inclined to fix something that works.
