by chasd00 1039 days ago
I gave what my company calls a “lunch and learn” presentation once of some interesting tools. People liked it and shared my deck around which was cool. But then my quick/dirty examples started showing up in best practice (I loathe that term) decks shared to very large teams with my name at the bottom. A security guy, who I greatly respect, raised some questions and I had to go through the whole story with him and then find all references to my examples and fix them. It was pretty embarrassing.

I did a similar thing as part of a "lunch and learn". NodeJS + Express was super fresh and I did a small example app. When returning the user profile, I just queried the database and returned the entry displaying some properties on the frontend.

The team lead was like "show us the request in the console", and I opened it up and there was the non-encrypted password, createdAt date and basically all the not-needed properties.

I still cringe thinking about it.
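The profile-endpoint leak described in the comment above, as an added example that is not from the thread: a constructed user row, the demo-style response that passes the whole row through, an allowlisted version, and a small scan that flags credential-looking keys in a JSON body before it leaves the server (the helper names and the row are assumptions).

```javascript
// Added example, not code from the thread. The row and helper names are
// assumptions; the row is shaped like what a demo "SELECT * FROM users" returns.
"use strict";

const USER_ROW = {
  id: 42,
  username: "demo",
  email: "demo@example.com",
  password: "hunter2",                          // the field that showed up in the console
  password_hash: "$2b$12$placeholder-not-a-hash", // even a hash should not leave the server
  session_token: "tok_abc123",
  createdAt: "2015-06-01T12:00:00Z",
  role: "user",
};

// The demo behaviour: hand the whole row to res.json(). Every column leaks.
function profileResponseRaw(row) {
  return { ...row };
}

// Hardened: an explicit allowlist. New columns stay private until added here.
const PUBLIC_PROFILE_FIELDS = ["id", "username", "email", "createdAt"];
function profileResponse(row) {
  const out = {};
  for (const field of PUBLIC_PROFILE_FIELDS) {
    if (field in row) out[field] = row[field];
  }
  return out;
}

// Guard for tests or a response hook: walk the body and return the paths of
// keys whose names look like credentials, so a leak fails CI instead of a demo.
const DENIED_KEY = /pass(word|wd)|secret|token|hash|salt|ssn/i;
function findSensitiveKeys(value, path = "") {
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findSensitiveKeys(v, `${path}[${i}]`));
  }
  if (value && typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) => {
      const p = path ? `${path}.${k}` : k;
      return (DENIED_KEY.test(k) ? [p] : []).concat(findSensitiveKeys(v, p));
    });
  }
  return [];
}

// In an Express handler this would be: res.json(profileResponse(row)).
console.log(findSensitiveKeys(profileResponseRaw(USER_ROW))); // [ 'password', 'password_hash', 'session_token' ]
console.log(findSensitiveKeys(profileResponse(USER_ROW)));    // []
```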

No need to cringe, this is exactly what demos are. A hack to demonstrate functionality.
> I still cringe thinking about it.

Meh, as a sibling comment points out, it's a demo, it'll happen. And when it happens, it's a teachable moment (assuming you can keep your head together as your demo falls apart before your very eyes): "Ah, so as you can see it's important to set the $DO_NOT_DISPLAY_PLAIN_TEXT_CREDS environment var to 'true', otherwise you get this disaster! Hahaha...ha."

Or if you don't know at the time what's going on, "obviously I'm just getting started on this myself, and need to play with some configuration. Better make sure I do before any of this goes to production! Hahaha...ha."

Hah, what I did involved a DB too: a string-based query without sanitization, introducing a possible SQL injection. The input never came from a user and was sourced from a config file, but I still should have known better. I learned that if you put it in a slide, no matter the scope/purpose, it better be production quality because people are just going to copy/paste.
copy/paste/“improve”

The only thing scarier than seeing your personal “not for prod” code running in prod by someone else’s hand: the “improvements.”

I don’t think that’s so bad. It’s a demo, not an end product.
> It was pretty embarrassing.

Maybe, but you did learn a lot too. A follow-up that explains all those fixes might be even more interesting than the original presentation, as far as I'm concerned.

> best practice (I loathe that term)

Me too :( One of my coworkers keeps talking about “best practice” all the time. And he writes the most broken garbage of anyone I’ve met in a long time.

I often feel like quitting, because I do not enjoy working with him. But I like the company I work for. And I don’t want to spend time trying to find a new job at the moment.

I've found that vague reasons like "it's best practice", "that's the way it should be done" & "that's not scrum" are usually thrown about by people who don't actually know why they're doing that, they just learned it and now feel strongly about it but can't actually back it up.