I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data following that matches those parameters. The horrors of this were 1. The queries were hard coded.
-
They were stored in a configuration file, in xml format.
-
The queries were not 1 entry. It was 4, a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.
-
This was then sent to the server as pure sql, no orm.
-
Here’s my favorite part. You obviously don’t want anyone modifying the configuration file so they encrypted it. Now I know what you’re thinking at some point you probably will need to modify or add to the configuration so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in winforms. You had to open the program in visual studio, manually expand the size of the window(locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.
I worked for a mid-sized government entity where we handled PII data. Underneath us were local municipalities who were in charge of sending us that PII so that it could be registered at our level. For PII think licenses, IDs, sensitive stuff for sure.
Most of the municipalities were easy to work with, they did an SFTP drop or used a VPN or something.
A couple though were rural. Very rural, and didn’t have IT departments. They had Martha who works the counter from 1-4pm. Those places were… horrid. We had a special email where they would email us whatever formats they had. Unencrypted, completely open, we couldn’t do anything about it because it was their data and their rules, it was our job to simply accept what they had. We could of course make serious suggestions, point out how horrid this was, but at the end of the day it was their decision. So we had a job to log into an email account every day, check for an email from Martha’s hotmail account, and parse the excel file she used to read out private IDs and license numbers which she manually typed into it.
This was 20 years ago now so dear god I hope their laws improved.
@scrubbles
Don’t worry it’s completely different now. Martha retired so now Mary Ellen sends the emails.
@vrek
Triggered
Maybe this says something about me but I would write a script to get the excel file from the email and then do whatever you did to it.
At what point would it not be financially viable to just a write a program for the entry on your budget and then send it to the rural places?
above my paygrade that last question. As for the first, we did automatically pull it out of the email, but it was sent to us manually
Sorry I used to do gross margin improvement and that just seems ripe for cost cutting. Spend 100K one time, save $75k every year.
Was the email atleast encrypted?
Oh, oh no no no it wasn’t
It never is.