Originally Posted by Blakk_Majik:
I was once given the highly enviable task of prepping an ASP application (written entirely in JavaScript, mind you) for our users in the India office.

Now, India is broken into two separate entities, so there had to be a way to make sure that the users from one entity did not see the data of the other. Cool, I can do that.

I finish the changes and test it out, and everything works great. However, I forgot that my id has super user privileges, so no matter what I log in to on this app, I get in. Not a very good way to verify other users' access.

So, given the above, I install into production no problem. However, the "If" statement on one of my JavaScript functions (that validates user access) was not written properly. So, I accomplished the task of getting the India entities blocked from looking at each other's data. But then, I also managed to lock out EVERYONE from every country that wasn't a super user. So for half the day after the install we are fielding calls from users in India, Japan, Mexico, Canada, and the UK.

I also once learned a very valuable lesson about using delete statements without where clauses. I will only say that rebuilding 5 million rows of data is no picnic.

Here's another lesson: don't use JavaScript for user authentication.