We had this internal web application. It had its own separate username/password table. I was asked to make it so you could login with your regular password instead.
It wasn't hard to solve the password part. I could make the web app consult the main system to verify your password at login. But... I couldn't eliminate the web app's user table entirely. It was too fundamental.
So I built a thing that ran periodically, got a list of users from both places, diffed the lists, and then did the required create/update/delete operations on the web app's user table. Thus the web app's user table mirrored the main login system.
I rolled this thing out and babysat it, keeping an eye on its log file. Naturally my code logged operations done on the user table. And I was like, "Hey, this is telling me who is joining and leaving the company!"
It even gave me a little additional info. The web app had certain roles and permissions, and these needed to correspond to organizational structure, which I got from the main login system. So if a user's web app roles changed, it was a clue they may have switched teams or got promoted.
I felt like I needed to be a bit careful with this info. Not that I wasn't allowed to have it, but I don't think IT expected anyone to have a tool that would make it that easy to notice changes as they happen. Potentially, I could have known someone was fired before their manager told them or something like that.
TLDR: Tried to streamline operations, accidentally developed a signals intelligence capability.
We had this internal web application. It had its own separate username/password table. I was asked to make it so you could login with your regular password instead.
It wasn't hard to solve the password part. I could make the web app consult the main system to verify your password at login. But... I couldn't eliminate the web app's user table entirely. It was too fundamental.
So I built a thing that ran periodically, got a list of users from both places, diffed the lists, and then did the required create/update/delete operations on the web app's user table. Thus the web app's user table mirrored the main login system.
I rolled this thing out and babysat it, keeping an eye on its log file. Naturally my code logged operations done on the user table. And I was like, "Hey, this is telling me who is joining and leaving the company!"
It even gave me a little additional info. The web app had certain roles and permissions, and these needed to correspond to organizational structure, which I got from the main login system. So if a user's web app roles changed, it was a clue they may have switched teams or got promoted.
I felt like I needed to be a bit careful with this info. Not that I wasn't allowed to have it, but I don't think IT expected anyone to have a tool that would make it that easy to notice changes as they happen. Potentially, I could have known someone was fired before their manager told them or something like that.
TLDR: Tried to streamline operations, accidentally developed a signals intelligence capability.