Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Early versions of the Phoenix frameworks ORM would select every record if you didn't pass it an ID. I didn't know that and wrote a deletion endpoint forgetting to put said ID in. Tests passed (I mean it did delete...) and off to prod it went. Long story short: I deleted data for all our users. Thank God for backups.


I've seen this in 2019! One of our api partners has a deletion endpoint. It's

   .../delete/:id
If you don't pass an id... it deletes all records. Because that is a thing you would want, rather than a bug where you somehow got a null id.


Yikes. So much for failing fast.


I dunno. I bet a lot of things failed very fast.


At one point, we had a "do this thing on every machine" tool that interpreted --regions="" as --regions="*". Guess how we discovered this? Oops.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: