Sign in Subscribe

"balls": The day I locked everyone out of the company intranet.

Dan Cowell

2 min read
"balls": The day I locked everyone out of the company intranet.
Photo by Ellen Qin / Unsplash

I was just over a month into my first job in the tech industry - a lowly HTML jockey and frontline support drone at a local web agency.

Everything that could have gone wrong this particular morning, had. I'd woken up late, made a mess of my breakfast, there was a deadline to meet, and I hadn't even had a chance to grab my customary morning cup of coffee from the cafe next door on the way to the office.

Now our Intranet was telling me my password had expired.

Apparently, someone forgot to tell me that we needed to change them monthly, lest we get locked out of the system. Our home-brew Intranet software didn't have advanced features like password recovery.

I loaded up Skype and pinged our sysadmin for help. He helpfully told me that although I was locked out of the portal, my SSH key was still good for logging in to the database server and my user account had write access to the intranet database.

All I had to do was change my password to something simple I could use to log in, then use the web UI to set something secure and save it to my password manager.

In my un-caffeinated and grumpy state, I banged out this work of art:

mysql> UPDATE TABLE users SET password = md5('balls');
Query OK, 38 rows affected (0.02 sec)

Shit. I had just changed the entire company's intranet password.

I checked my watch. 8:53 AM. I had mere minutes before everyone got to work and started trying to log in.

I got straight back on Skype and asked our sysadmin if we took nightly backups. He asked me why I wanted to know.

I sent a screenshot of my shameful performance.

After a good laugh and some gentle ribbing he restored the users table to its former state. I immediately got up from my desk, got a cup of coffee and went for a walk to clear my head before I could do any further damage. Upon returning I fixed my broken query and got on with my day.

To my knowledge, this indiscretion has never been spoken of until now.

Lessons learned.

Mistakes happen, especially early in your career. I was able to get this fixed before it blew up because I communicated my mistake promptly and got the right person involved in fixing it.

All of your colleagues have done something dumb. Don't be afraid to tell us when you make a mistake. We all remember our first screw up and will be happy to help.

Aside from that general life lesson, I walked away with these rules that I've followed in every subsequent role:

  1. Make friends with your sysadmin, and stay in their good books at all costs,
  2. Don't operate in production without coffee - or tea if that's your jam,
  3. Don't run updates directly in the database console, and
  4. If you insist on living dangerously (because really, this kind of thing is way too common in smaller organizations,) always BEGIN TRANSACTION first.