The spec we sent them had a lot of work put into it. A lot more than we would normally put into a spec for our on-shore development team. What we got back seemed fairly respectable. It looked right, it functioned right (at first), the marketing bods and board executives were over the moon with it and wanted to go live with it. So what's the problem?
- The solution was open to SQL injection at the login prompt
- Big performance issues with more than 2 users hitting the system
- When it did crash it displayed dirty unhandled exceptions
- User passwords stored in plain text in the DB
- Once you got into the detail, the entire object model was wrong. Entity relationships were completely wrong under the bonnet and had been bodged at the application level to make it work
- Changing anything on the querystring caused unhandled exceptions
- Letting the session timeout and trying to continue with the session threw unhandled exceptions.
- When users register they are unable to login using the password they specified.
- DB - No indexes, no primary keys, no foreign keys, lots of redundant tables.
Later that day, after I'd raised all of these issues as to why we couldn't possibly put this live, the company directors dragged the UK-based account manager into the board room to explain himself. Here's a summary of what he said:
"typical."
"I've heard it many times before from techies. Perfection and nothing less"
"Surely you're not going to let the tail wag the dog"
"don't delay launching as it's just coming off your bottom line"
"here's the final invoice"
We spent the next 12 months getting them to fix bugs reported by the general public. The website has now been pulled and is no longer online.