A while back, my company was subcontracting to another company on a government contract.
One day they called in a panic, saying the system wasn't working and I had to drop everything
and get out there NOW. It was a couple of hours through DC Beltway traffic to get there, so I
wasn't enthusiastic, but I didn't really have a choice.
So I showed up, found the guys with the problem, and they sat me down at a computer. This
was running their test version of the system without our debug passwords installed. So I asked
for the system password, only to be told it would take a couple of hours to find out whether I
was even allowed to have it. "Ah, got it!", I crowed, hammering the keyboard like a maniac.
"What's the database password?" Again, they said it would be a while before I could get that.
A few seconds later, I chirped "Ah, I figured it out" and kept going. "What's your encryption key?"
And so forth.
It turned out the problem was that the software, just sitting there doing nothing, would absorb
72 database connections, and each user session took six more. It didn't take many users before
they'd hit the limit of 100 simultaneous connections. They asked me how to fix it, and I explained
that they had two choices - rewrite the software to not be so profligate with database connections,
or increase the number of allowed simultaneous connections. "How do we do that?", they bleated.
I explained that the proper way to increase the number of database connections was to write a large check to the database vendor. They didn't like either answer.
I later heard that their security manager had been aghast at my "hacking" their system to obtain
the passwords needed to do the job they insisted I come do instantly, and I was no longer allowed
in their data center. Which was fine with me.