Ask HN: Have you ever ignored a bug that came back to haunt you?

5 pointstobaschco8y ago5 comments

5 comments

Yes, fun story.

In the early 2000's, I was working at a company that implemented the ecommerce website of a large electronics company. This company decided to start up a new add-on business targeting users of one of there existing product lines. I was tasked with doing the cart checkout process on the new site. One of my tasks was to handle the scenarios where a customer was checking out as a guest, an existing user logging in during the checkout process, and creating a new user account during the checkout process. I was told to implement the flow on the new site exactly the same as the existing site.

In the process of doing so, I discovered a MAJOR security hole in the existing site. Specifically, if you were going through new account creation, and you entered in the email address of an existing user, the system would automatically log you in as that user. This was even semi-documented in the comments as "we assume the user forgot they have an existing account". I raised this up to my superiors who didn't grasp the severity of the problem and instead ordered me to reproduce the behavior EXACTLY. So we implemented it and pushed it out like that. I was straight out of college and wasn't comfortable at the time of going over my bosses heads and talking directly to the client.

Three months down the road and everything is implemented and the client is happy. They were onsite with us for a visit and I was walking somebody through testing some new enhancement. We needed to switch to a different test user account and they were looking through their notes for the password and I was like "No need, we can just use the forgotten account login." They thought I was talking about resetting the password through email, so I showed them how the system worked and their jaws just dropped. Well let's just say at that point the issue got escalated super rapidly. I got majorly crapped on by both the client and our management (since I hadn't had the forethought to document my boss's rejection of the bug).

I've run into the same situation since then, where management refuses some bug they don't deem significant. But now I'm a lot more diligent of documenting those decisions in email and other means. :)

tobaschcoOP8y ago

I also ran into something like this, being young and straight out of university. The company I worked for at the time basically generated a 2.5 million line XML file that would be sent to various parties to be transferred to get the data that was relevant to them.

I was responsible for changing the generation of this file (in Oracle PL/SQL ... yuck) to a new schema which was vastly different. Needless to say I just silently ignored a lot of bugs which I kept justifying myself weren't real issues because we had a massive time constraint. I'm talking 100 hours of dev work in a month type shit. Well I managed to offload all the problems onto the client in the end because it turns out they had introduced a fair share of issues themselves (they were the ones that came up with this schema). It was pretty shite though and I'm glad I don't work in that kind of toxic space.

drakonka8y ago

Yes, right now. It was deemed as not important enough (by me and others on the team) as the user base it affected never used the functionality that was broken for them anyway and the users who did use this functionality were not affected by the issue at all. Now we are doing some changes to our overall environment setup and suddenly this same bug is going to affect all users who currently rely on the functionality.

bewe428y ago

Bugs, no. Bad/smelly code: yes, all the time. That's what separates senior from junior devs: over the years you'll learn it'll come back to haunt you eventually, so better to deal with it earlier than later.

SirLJ8y ago

sure, usually the performance related stuff...

j / k navigate · click thread line to collapse