
Oh God, Pt II

Mithrandir


So I'm writing this new module for my company; it's a really high security thingamajigger.

Basically, the program it's for supports importing bank transactions; we want to be able to import bank transactions, sit on them until we have clearance to process them, and then actually process them. I can't go into more details without violating NDAs up the wazoo, but here's the basic rundown of the process:


1) Import transactions
2) Program verifies authenticity of transactions
3) Program waits until it has permission to process them (can take more than a day)
4) Program processes transactions


Now, one of our customers has an insecure setup and cannot change it for whatever reason, so the data that is just sitting around, waiting to be processed in step 3, can be modified.

In fact they had a problem where someone was modifying the transactions after they've been verified to route small amounts of money into his account (a classic scam), and no one would be the wiser, since these transactions had already been verified. D'oh.


So anyway, my job for the past 2 months was to set up a verification system. Whenever step 2 completes, a carbon copy of the transaction is saved on an ultra-secure system which CANNOT be modified at all (ok, it can, but I've done the absolute best I can without resorting to encrypting the data and throwing away the key :P), so that when step 4 rolls around, it compares the transaction data on both systems, and if there is any mismatch, then it will refuse to process the transaction.


It's neat; it's a hack of course, because the customer doesn't know how to set up a better system, but it works.


Now the worst part is: in a work review today, the customer told me to add a feature. They want an easy way to skip the verification check. And they want this setting to be placed on the insecure server. When I told them that this will completely nullify the entire system, he said he didn't understand why (I spent an hour explaining it) and insisted that this option was a requirement. They wouldn't buy the module without it.


*slap forehead*
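
The step 2 / step 4 comparison described in this post, and the effect of a skip option kept beside the pending data, as an added example that is not part of the original post and not the author's code. The class, function and setting names (`TrustedStore`, `process`, `skip_verification`) and the sample transactions are assumptions made up for illustration.

```python
import json

def canonical(txn):
    """Serialize a transaction deterministically so copies compare byte-for-byte."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":"))

class TrustedStore:
    """Hypothetical stand-in for the hardened system: write-once copies keyed by id."""
    def __init__(self):
        self._copies = {}

    def record(self, txn):
        if txn["id"] in self._copies:
            raise ValueError(f"transaction {txn['id']} already recorded")
        self._copies[txn["id"]] = canonical(txn)

    def matches(self, txn):
        # An id with no trusted copy fails too: it was never verified in step 2.
        return self._copies.get(txn["id"]) == canonical(txn)

def process(pending, trusted, insecure_settings=None):
    """Step 4: return the ids cleared for processing.

    insecure_settings models the requested skip option, stored on the same
    host as the pending data (the key name is an assumption).
    """
    skip = bool((insecure_settings or {}).get("skip_verification"))
    return [t["id"] for t in pending if skip or trusted.matches(t)]

def demo():
    # Constructed sample data, not real transactions.
    pending = [
        {"id": 1, "account": "ACCT-A", "cents": 10000},
        {"id": 2, "account": "ACCT-B", "cents": 2500},
    ]
    trusted = TrustedStore()
    for txn in pending:              # step 2: verified, carbon copy saved
        trusted.record(txn)
    # Step 3: the waiting data changes on the insecure host.
    pending[1]["account"] = "ACCT-X"
    pending.append({"id": 3, "account": "ACCT-X", "cents": 1})
    checked = process(pending, trusted)
    bypassed = process(pending, trusted, {"skip_verification": True})
    return checked, bypassed

if __name__ == "__main__":
    print(demo())
```

With the check in place only the untouched transaction clears; with the flag set on the insecure side, every record clears, because whoever can edit the pending data can edit the flag as well.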


3 Comments



First of all, http://www.safenet-inc.com/

Second of all, why are they buying the module in the first place if they are removing the whole point? (Then again money is money, except when it is delivered from their bank, then it's a few dollars more.)

Edit:
Oh yeah, ACH is mind blowing.

Sounds like the guy insisting on this "feature" is going to be the next guy to start diverting funds...
