			Comments
		
- 
				
				 qwwerty11794y is it possible to submit the survey multiple times? are employee ids available? how about submitting it for each employee 50 times with random answers/lorem ipsum? or submitting negative feedback as all managers in top 2 levels?
- 
				
				@qwwerty Haha, it’s a good thought but there was also a token parameter that I excluded for brevity
- 
				
				Correct reaction: Company-wide email explaining in detail, on what levels HR fucked up here.
 
 And you should definitely fill that survey - might get you a raise when they fear you quitting soon...
- 
				
				Even if it's anonymous, the smaller the team / company, the more likely some answer will make you recognizable, like 100% of our UX department that consists of 1 person, have criticized the design process
- 
				
				To give them the benefit of the doubt:
 
 This might be stupidity rather than malicious intent.
 
 They might just have added some Id to avoid duplicate submissions.
 They know they work with tech so if they really wanted to maliciously do tracking without getting caught they wouldn't have done it with a query param.
 
 Still - a valid concern.
 Obviously it's not anonymous with that url.
 
 Even if "no one will look at that" it's a huge privacy risk.
- 
				
				@qwwerty employee ids seem sequential, so I would say yes, all are available via bruteforce
HR: Everyone must fill out these 100% anonymous surveys about how you feel about our company, its leadership, and how likely you are to leave in the next 6 months etc. Please be 100% honest, since again it is 100% anonymous. Reminder! You must use the individual links we sent to you, do NOT use someone else’s link. Oh did we say it’s 100% anonymous?
The Link:
www. surveygen .com/ companysurvey123 ?employeeName=boombodies &employeeId=6969
Dev: …
rant
human resource machine
garbage collection
management logic
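
The comments point out that `employeeName` and `employeeId` make the link identifying, and that an ID may only have been added to stop duplicate submissions. The Python below is an added example, not code from the post or from any survey vendor: it flags identity-looking query parameters in a link and shows single-use random tokens that block duplicates without carrying identity. The function and class names, the hint list, the `t` parameter and the `survey.example` host are assumptions.

```python
import hashlib
import secrets
from urllib.parse import parse_qsl, urlsplit

# Assumed name fragments that suggest a parameter identifies the respondent.
IDENTIFYING_HINTS = ("name", "id", "email", "user")

def identifying_params(url):
    """Return (key, value) query pairs whose key looks like an identity field."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if any(hint in k.lower() for hint in IDENTIFYING_HINTS)]

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class AnonymousSurvey:
    """Single-use tokens: stop duplicate submissions without knowing who answered."""

    def __init__(self):
        self._unused = set()   # hashes of tokens not yet redeemed
        self.responses = []    # answers only: no token, no identity

    def issue_links(self, count, base_url):
        # Tokens are generated as a batch, never keyed to an employee record.
        # Assumption: whoever distributes the links does not log which one
        # went to which person, otherwise the token is just another ID.
        links = []
        for _ in range(count):
            token = secrets.token_urlsafe(32)   # random, not sequential
            self._unused.add(_digest(token))
            links.append(f"{base_url}?t={token}")
        return links

    def submit(self, token, answers):
        digest = _digest(token)
        if digest not in self._unused:          # unknown or already used
            return False
        self._unused.remove(digest)
        self.responses.append(answers)          # stored with nothing linking back
        return True

if __name__ == "__main__":
    # Constructed from the link in the post, with a placeholder host.
    bad = "https://survey.example/companysurvey123?employeeName=boombodies&employeeId=6969"
    print(identifying_params(bad))
    survey = AnonymousSurvey()
    print(identifying_params(survey.issue_links(1, "https://survey.example/s")[0]))
```

Unlinkable tokens do not address the small-team problem raised in the comments, where the answers themselves give the respondent away.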