To be honest that is a very real security flaw, and should be fixed. Now with both IE and FF having tab browsing, and even before when a window spawned from a parent window, both shared a single session, it wasn't as big of a deal, honestly I tend to limit connections by ip and token so you don't run into these kinds of issues.
-----Original Message----- From: Bruce Sorge [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 6:25 PM To: CF-Community Subject: RE: I need an opinion Thanks Dana. Basically the errors are him doing things I did not expect him to do. Like having the administrator site open on one tab and the end user site open on another tab. When he finished with the admin stuff, rather than log out he closed the tab and then started on the end user part, and got an error because the browser did not know he was done with the admin stuff. I know that I can put some code in to log him automatically when the tab closes, but there will NEVER be an instance in the real world where the administrator and the end user are one in the same. The admins are city employees and the end user are council members. But I will put in the code that will automatically log you out when you close the tab/browser. Anyway, this is the kind of stuff I am dealing with. Of course I had one error where I forgot to put in a hidden variable in a CFIF statement, but this is why I am having him test it. I test the apps to the specs. It is up to the users to break it. Of course I try to break it, but I cannot come up with every single one-off scenario that the users can come up with. Well I basically bit the bullet on this one and spent the day debugging from home without pay (long story, stupid city politics). Anyway, I could not come up with any errors and I tried to be as stupid as I could be with the freaking app. So hopefully on Monday he will be happy with the results. And yes, you are right. It is a project management issue. When I interviewed for the job, it was only supposed to take 200 hours, and I am still working on it (started in December). The specs that I was shown at the interview led me to believe that the apps could be done in that amount of time, but once I had meetings with the stakeholders, I realized that the information I was given at the interview was merely the tip of the iceberg. Couple that with the fact that one of the most knowledgeable persons that I talked to was not even aware that I was doing this until I was well into the project. Once he caught wind of what I was doing, he asked me to show him what I had so far and basically threw a 24" monkey wrench into the system and set me back several weeks. Of course I have been keeping my manager up to date with my progress and issues that come up. But of course it is his manager that is giving him shit about how long it is taking to do this. He is a bean counter and only sees $$, not the real world shit. Fortunately the next project that they have me do, I get to call all the shots. BA, PM, Programmer. So at least I will know from the onset what is going to be involved so I can give a realistic estimate on the app. Hell, he is giving me 200 hours on this one just to spec out the app. Anyway, thanks all for letting me vent. I feel very much better today. Bruce -----Original Message----- From: Dana Tierney [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 1:26 PM To: CF-Community Subject: Re: I need an opinion I have had a similar problem, where the person who would sign off on a project was telling me that she did not want to see it again until it was "fixed." In that the "problem" was the warning that flash apps give when you run them locally and you click on a link, this was a mite difficult. She did not want me to change the setting on her computer that the warning said to change. On the other hand she did not want to actually have it loaded on the server until she saw that it "worked." Worked is in quotes here because it won't write a score to a file as advertised until someone gets around to telling me the path to the Perl installation. Anyway, this particular impasse was resolved when I explained matters to the guy with the password to the webserver, and he loaded it into a test folder on the server for me. Voila, error message gone. I guess if you are looking for us to say if you are right or wrong, I would need to know what these bugs are. Are they real bugs? Are they bugs in the sense that a user is getting a message he/she does not understand but that you are not being given the means to fix? Are they strange Windows error messages the user is getting because he/she is doing something wierd? In my opinon what you have is a project management problem, with, it sounds like, a lack of proper project management going on. You are the programmer not the project manager, sure, but in order to avoid becoming the person that these problems happen to, you may have to implement some management techniques. Agile methodolgies might avoid this in the future, yes, but for this situation... when the scope creep happened, was this documented and signed off on? What project documents were you given in the first instance? If the answer to the above questions is "not much" I'd suggest that you get the current sutuation documented --- what exactly it is that everyone wants fixed. Put the ball in their court. You can play CYA too you know, and honestly -- I have had one of these drag out over full-time work for several months. I'd be embarrassed to tell you what this made my hourly rate for the project. I became a believer. If what you are giving them is not what what they want, it is only fair that they should tell you what they do in fact want. This may take some meetings, and much as I dislike them myself, sometimes that is what you need -- a nice meeting followed by a memo of confirmation. Hope that helps Dana >Hello all, >I am soliciting opinions here. >I recently finished a few applications that are all tied in together. >Once I finished coding and testing, I released it to the manager here >for testing. The key word here is testing. I informed him that he may >encounter some bugs, but this is why I wanted him to test it. So of >course he encountered some bugs in the app. After about 4 or 5 bugs >later, he got pissed and said that he is not going to test anymore >until I get all of the bugs worked out. I tried to explain that as the >programmer I am not as objective as a user, and this is the reason for >testing. He said, "Well that may be the new way to develop, but when I >as a programmer we did not release anything for testing until we knew >it was bug free". I caved in and said that I will test it under every >scenario that I can think of. So my question is this: Who is right in >this instance? Is it reasonable to expect that a set of highly complex >applications that took several months to develop should be 100% bug >free? Hell, I encounter bugs all the time on major sites on the >internet, and these are being release to millions of folks, not like >the few hundred here that will use it. > >Oh, and a little history. He says that he is getting pressure from his >managers to get these app live. When I interviewed for this contract >back in December, based on the documentation given to me (about three >pages worth), I said that this could be done within the 200 hours they >budgeted. Well, after having a couple of meeting with stakeholders, I >realized that this was going to take way longer than 200 hours, I >informed my manager of this and he was OK with it. So now we have a new >assistant city general manager who is a numbers guy and watches his >budget like a hawk and apparently he is not happy with the progress. Of >course I explained all of this to him a couple of weeks ago, but I >guess since he is not a programmer he finds it hard to understand >things like scope creep and the fact that the applications were not >properly scoped out in the first place. Not only did the initial set of >meeting flesh out the inadequacy of the original scope documentation, >but I ended up meeting with the wrong person! The guy I was supposed to >meet with was on vacation and he was not made aware of what I was doing >until I had the first part of the app done and ready for testing. So >things changed drastically as a result of this, and added a few more >weeks to the development. > >My impression is that my manager is reverting to CYA mode and since I >am just a contractor, he is going to try to lay the blame on me. But >then again I may be getting paranoid here. > > >Thanks, > > > >-- >Bruce Sorge > >"I'm a mawg: half man, half dog. I'm my own best friend!" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Macromedia ColdFusion MX7 Upgrade to MX7 & experience time-saving features, more productivity. http://www.adobe.com/products/coldfusion?sdid=RVJW Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:233484 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
