Basically, the program it's for supports importing bank transactions; we want to be able to import bank transactions, sit on them until we have clearance to process them, and then actually process them. I can't go into more details without violating NDAs up the wazoo, but here's the basic rundown of the process:
1) Import transactions
2) Program verifies authenticity of transactions
3) Program waits until it has permission to process them (can take more than a day)
4) Program processes transactions
Now, one of our customers has an insecure setup and cannot change it for whatever reason, so the data that is just sitting around, waiting to be processed in step 3, can be modified.
In fact they had a problem where someone was modifying the transactions after they've been verified to route small amounts of money into his account (a classic scam), and no one would be the wiser, since these transactions had already been verified. D'oh.
So anyway, my job for the past 2 months was to set up a verification system. Whenever step 2 completes, a carbon copy of the transaction is saved on an ultra-secure system which CANNOT be modified at all (ok, it can, but I've done the absolute best I can without resorting to encrypting the data and throwing away the key :P), so that when step 4 rolls around, it compares the transaction data on both systems, and if there is any mismatch, then it will refuse to process the transaction.
It's neat; it's a hack of course, because the customer doesn't know how to set up a better system, but it works.
Now the worst part is: in a work review today, the customer told me to add a feature. They want an easy way to skip the verification check. And they want this setting to be placed on the insecure server. When I told them that this will completely nullify the entire system, he said he didn't understand why (I spent an hour explaining it) and insisted that this option was a requirement. They wouldn't buy the module without it.
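The design described above, as an added sketch that is not part of the original post or the product's code: step 2 saves a carbon copy on the protected system, and step 4 compares both copies unless a skip setting is on. The store layout, the `skip_check` name, and the account values are constructed assumptions; the only thing varied is which server the skip setting is read from.

```python
import copy

def make_system():
    # Constructed stand-ins: 'insecure' is the server holding pending data,
    # 'secure' is the protected system holding the carbon copy.
    return {"insecure": {"txns": {}, "skip_check": False},
            "secure": {"copies": {}, "skip_check": False}}

def record_verified(system, txn_id, txn):
    """Step 2: after authenticity checks pass, save a carbon copy."""
    system["insecure"]["txns"][txn_id] = copy.deepcopy(txn)
    system["secure"]["copies"][txn_id] = copy.deepcopy(txn)

def process(system, txn_id, flag_location):
    """Step 4: compare both copies unless the skip setting is on.
    flag_location names the server the skip setting is read from."""
    pending = system["insecure"]["txns"][txn_id]
    if not system[flag_location]["skip_check"]:
        if pending != system["secure"]["copies"].get(txn_id):
            return "refused"
    return "processed to " + pending["to"]

def run_scenario(flag_location, tamper):
    """Run steps 2 to 4 once, optionally with the pending data modified
    while it waits in step 3."""
    system = make_system()
    record_verified(system, "t1", {"to": "ACCT-PAYEE", "amount": "100.00"})
    if tamper:
        # Whoever can edit pending data on the insecure server can
        # equally edit a setting stored on that same server.
        system["insecure"]["txns"]["t1"]["to"] = "ACCT-OTHER"
        system["insecure"]["skip_check"] = True
    return process(system, "t1", flag_location)

if __name__ == "__main__":
    for location in ("insecure", "secure"):
        for tamper in (False, True):
            print(location, tamper, run_scenario(location, tamper))
```

With the setting read from the insecure server, the modified transaction is processed; with the same setting read from the protected system, it is refused.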