Yup, that was pretty much my response today in reply to something someone emailed to me..
But first, lets reverse a little..
Okay, I'm pretty much looking after the company webserver at the moment, we'd just moved one of the other websites in the group over to our server for more central administration etc.
The previous company who wrote all the interface etc is one we've worked with for many years on and off, so we let them use remote access to do the setup etc, all this went hunky-dory, and the site went live..
Only they'd missed a couple of bits out from the administration part of the website, so they asked me to do a couple of things...
1) Buy and install a file upload system (Yeah, I know, but apparently rewriting the back end to use the standard asp.net file uploading routines was too much work as it was all customised etc..
2) install a spellchecker script...
Number 2 is where my response in the title comes in...
Okay, so I need to install the PHP interpreter for IIS, which is no big deal, and install the spellchecker scripts, fine too..
Then I read further down the email, and did a double-take:
Buh?!?!
Yes, I had read that right...
So I replied and said that it wasn't going to happen due to it being
A MASSIVE SECURITY HOLE, and would end up leaving our company liable if anyone exploited the hole...
I then received an apologetic reply...
But they'd used remote access and DID IT THEMSELVES ANYWAY!
As I reversed their actions, I did ponder just when the hell they were going to tell me about the big gaping hole they'd left..
Needless to say, they no longer have remote access, and their FTP access has been locked down very much tighter..
Just goes to show, even if someone has many years of experience, it doesn't stop them being utterly, utterly stupid!
Oh, and the people who used the admin section of that website didn't care about the spellchecker anyway!