61
linuxxx
4y

Especially painful being a cybersecurity engineer;

Did something wrong with an if-statement.

Caused authentication to break completely; anyone could log in as any user.

Was fixed veeeeeeery quickly 😅 (yes, was already live)

Comments
  • 3
    Nice!

    assume drop on all logins, unless successful
  • 5
    Code path splits are always something to fear for their immense "lurking bug to be found ten years in the future" potential.

    I often write code which deliberately executes statements in all cases which might also have been gated by a condition check.
    That often even makes the code less performant on average. But the increased likelihood of finding critical bugs early on is worth it for me.
  • 2
    No tests?
  • 0
    My heart was racing throughout the entire thing
  • 0
    @ArtOfBBQ for a personal project I doubt there will be tests ...

    Though I'm curious to know what was that bug and how simple was it to find it and exploit
  • 2
    @pxeger Beat me to it! I was going to post a link to that one...
  • 2
    @gitpush I don't recall except for the details I've given and no tests indeed, personal project
  • 2
    And this is why we do feature flags. We can turn that shit off fast when we need to.
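
An added example, not code from the post or any commenter (the original bug is not described in the thread): a login check that starts denied and only flips on a positive match, and that runs the hash comparison on every request instead of gating it behind a "user exists" branch, next to a constructed fail-open check for contrast. The user store, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: kept low so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample user store
USERS = {"alice": make_record("correct horse"), "bob": make_record("hunter2!")}
# Dummy record so unknown usernames take the same hashing path as known ones
DUMMY = make_record(os.urandom(16).hex())


def login_fail_open(username: str, password: str) -> bool:
    """Constructed illustration of an if-statement that fails open."""
    record = USERS.get(username)
    if record is not None:
        if hash_password(password, record["salt"]) != record["hash"]:
            pass  # rejection was meant to happen here; the branch does nothing
    return True  # every code path falls through to success


def login_default_deny(username: str, password: str) -> bool:
    """Denied unless a positive match flips the flag."""
    allowed = False
    record = USERS.get(username)
    known = record is not None
    target = record if known else DUMMY
    # Not gated by a condition: the hash is computed and compared for every
    # request, so the unknown-user path is exercised as often as the known one.
    candidate = hash_password(password, target["salt"])
    matches = hmac.compare_digest(candidate, target["hash"])
    if known and matches:
        allowed = True
    return allowed
```

The negative cases (wrong password, another user's password, unknown user) are the ones a test suite needs to assert on, since a fail-open check passes every positive test.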