18
athlon
3y

Not co-worker, but class mate. Specifically, my group mate.
Boy, I could fill an entire book with the “what the fuck” moments.

Here, the prior question of his was “why is this happening?”

Comments
  • 7
    Then we got this lovely snippet:
  • 6
    …which he later turned into this - still not knowing what is wrong with it.
  • 5
    And then my favourite - pièce de résistance. A button that is supposed to update an entry in the DB that does jack shit.
  • 6
    I’m so glad that this Friday it’s all over and 80% of the grade is an individual work. Even if it doesn’t compile due to my colleague’s code - I don’t care! :)
  • 8
    Lulz. Your colleague should probably not try a developer career...
  • 0
    You need to get somewhere that doesn't use webforms, buddy.
  • 5
    I mean, the login works right... sure it's not secure but that's not a thing taught or graded on so what's it matter.

    I'm going to go hang your friend 🫠
  • 0
    @C0D4 How it's not secure ? It depends on Encrypt I guess. Personally, I'm usung BCrypt. With option of 11.
  • 0
  • 2
    @NoToJavaScript hold up.
    I was referring to @athlon's rant screen shot, the username is the only value sent to the Db, based on what I'm seeing.

    Using bctypt without a hash is one thing. Actually comparing the hash is another 😂
  • 5
    @NoToJavaScript well, the encrypt does not accept anything but password.

    That means its not using any salt, hence not secure.
  • 2
    @Voxera That actually has been modified post screenshot. Now all users have an unique salt.
  • 2
    @C0D4 from what you actually see, he’s trying to run “CheckLogin” void (which should either be a book, or preferably a Login object btw) by putting Login object into function that accepts two strings - and then he asks what’s wrong!

    Buddy, the solution is staring in your face - figure it out!
  • 0
    Android project?
  • 2
  • 0
    @athlon you don't need anything beside password. For example Bcrypt manages salt automaticlly, no need to even remember it exists. But it does come with a cost. It take around 150 ms to check if password is correct. (Afain with 11 as "dificulty", I don't remember the exact term).

    I tried to bump that factor to 13, but it starts to be really long as a check ;p
  • 0
    Oh but. Where did you find that code ?!

    Surelly there is a pipeline which compiles and will not permit to merge a PR with compilation errors ? Who the fuck can even submit that ?!
  • 0
    @NoToJavaScript not quite.

    Bcrypt for verification uses the password and the stored value and checks internally.

    If using only password you can only store it, not test since every new call creates a new salt that is stored within the encoded value.
  • 4
    It's so weird when people fail to grasp c-style languages' scoping logic. It's literally just "what happens in curly braces stays in curly braces". I also never understood why languages like Python or JS decided to violate this dead simple rule that effortlessly guarantees correctness.
  • 0
    @lbfalvy I wholeheartedly agree. I think it’s way easier to read and understand the code than it is with tabs in Python too.
  • 0
    😇🤬💩 😧
  • 0
    @lbfalvy for js its actually quite simple.

    Before they introduced the let keyword, js used function scoping

    And the base document can be considered a main function.

    Nested functions have their own scope but can access the parent scope.

    Just as c uses “{}” js uses “function(){}”

    With that difference scoping then works just the same.
  • 1
    Saving this rant for when I get imposter syndrome
Add Comment