28 July, 2010

Security Issues in SQL Server

Security Issues

Security, IMSHO, is one of those interesting issues that everyone should be aware of. You cannot store a record or two in a database server without considering the security issues. What if a role is broken and a CC# is stolen? Huh? What if an intruder creates a new account/password pair without having the appropriate permission to do so?
Considering the security issues, however, doesn't mean that you can block every single intruder. I honestly believe that whatever you do to block intruders, there will always be another man on this earth who can break the rule. So, all you can do is just try your best to block most of those intruders - Remember, you cannot block all of them!
Well! The question now is what security has got to do with the SELECT statement. To understand this, you should know that there are 3 types of permissions in SQL-SERVER:
  1. Object permission - which involves granting or revoking permission rights to the objects. By objects, we mean data and/or stored procedures. Does a certain user have the appropriate access to a certain database to query for a specific table and/or view? Does she have the proper right to insert, update, or delete a row within a table of a certain database? This is where "Object Permission" comes into play. This kind of data manipulation requires the user to have a class of permission called “Object Permission”.
  2. Statement permission - which involves granting or revoking permission rights to create a database and/or table within a database. CREATE TABLE, CREATE VIEW, and CREATE PROCEDURE are 3 kinds of Statement permissions introduced in SQL-Server.
  3. Implied permission - which states that the owner of an object has got the permission to control the activities of the object. Once a “foo” user owns a “bar” table, she can add and remove data on the “bar” table. The implied permission also states that the “foo” user can control the way other users work with the “bar” table.
With this information in hand, it is now time to say that granting or revoking those three types of permissions to users is done by database administrators, and therefore a programmer doesn’t care about such permissions. So, what is left to the programmer? Well. This is what we have considered as “Security Issues” and is discussed below.
To start, consider a typical ASP application that is supposed to let an authorized user log in to the system. To develop such an ASP application, we simply create a form containing two edit boxes, one provided for user name entry and the other to get a password from the visitor:

<!-- login.asp file -->
<form method="GET" action="login.asp">
<table border="0" width="100%" cellspacing="0" cellpadding="5">
    <tr>
        <td width="13%">
            <font size="2" face="Verdana">User ID:</font>
        </td>
        <td width="87%">
            <input type="text" name="UserID" size="20">
        </td>
    </tr>
    <tr>
        <td width="13%">
            <font size="2" face="Verdana">Password:</font>
        </td>
        <td width="87%">
            <input type="password" name="Password" size="20">
        </td>
    </tr>
    <tr>
        <td width="13%">
        </td>
        <td width="87%">
            <input type="submit" value="Submit" name="btnSubmit">
        </td>
    </tr>
</table>
</form>

Considering “Mehdi” as the username and “mypass” as the password, the following URL is generated when the submit button is pressed:
login.asp?UserID=Mehdi&Password=mypass&btnSubmit=Submit
Therefore, to authorize a given user, we can simply write a function, namely, IsAuthorized as shown below:

Function IsAuthorized(szUser, szPassword)

        ' Vulnerable version: the user input is concatenated into the SQL text.
        ' The ad* constants are defined in adovbs.inc.
        IsAuthorized = False
        Set oConnection = Server.CreateObject("ADODB.Connection")
        szConnection = "provider=sqloledb; server=myserver; uid=myid; "
        szConnection = szConnection & "pwd=mypwd; database=mydb;"
        oConnection.Open szConnection
        szSqlStatement = "SELECT * FROM Login WHERE UserID = '" & szUser
        szSqlStatement = szSqlStatement & "' AND Password = '" & szPassword & "'"
        Set oRS = Server.CreateObject("ADODB.Recordset")
        oRS.Open szSqlStatement, _
               oConnection, _
               adOpenStatic, _
               adLockOptimistic, _
               adCmdText

        ' Any returned row counts as a successful login.
        If Not oRS.EOF Then
            IsAuthorized = True
        End If

        oRS.Close
        Set oRS = Nothing

        oConnection.Close
        Set oConnection = Nothing

End Function


Now, let’s take a closer look at what we have written. Consider an intruder accessing our login page using the following user id: ' OR 1 = 1 --
What actually happens in such circumstances? To understand this, let’s take a look at the SQL statement constructed in the IsAuthorized function from the above entry:

SELECT * FROM Login WHERE UserID = '' OR 1 = 1 --' AND Password = ''

Since the two hyphens entered by the intruder start a comment in the SQL-92 standard, whatever comes after them is not treated as part of the SQL statement, and the above statement is therefore simplified to:

SELECT * FROM Login WHERE UserID = '' OR 1 = 1

Well! You can guess the rest. Since 1 is equal to 1, the above query returns every row stored in the Login table. As you see, the intruder had neither a user ID nor a password, yet he has been identified as an authorized member.
In some circumstances it gets even worse, as when an intruder inserts an ID and password pair into a table. So what the heck can we do to prevent such abuse of the system? There are basically 3 ways to prevent such things:
  1. Create a procedure, say, sp_is_authorized(), to perform the actual authorization on the database side. This way, the intruder won’t be able to bypass the authorization process as described above. The procedure follows:

    CREATE PROCEDURE sp_is_authorized
       @user_id char(16), @password char(16) AS
       declare @nRet int
       select @nRet = count(*) from Login where
               UserID = @user_id AND Password = @password
       return @nRet
    GO

    We will talk about this usage of SELECT statement later in this article.
  2. Rewrite the IsAuthorized function using the ADO parameterized queries:

    Function IsAuthorized(szUser, szPassword)

            ' No On Error Resume Next here: with it, an error raised while
            ' evaluating the If test below would resume inside the If body
            ' and set IsAuthorized to True.
            IsAuthorized = False
            Set oConnection = Server.CreateObject("ADODB.Connection")
            szConnection = "provider=sqloledb; server=myserver; "
            szConnection = szConnection & "uid=myid; pwd=mypass; database=pubs;"
            oConnection.Open szConnection
            Set oCmd = Server.CreateObject("ADODB.Command")
            Set oCmd.ActiveConnection = oConnection
            ' The statement text is fixed; the values are bound to the ? markers.
            oCmd.CommandText = "select * from Login where UserID= ? AND Password = ?"
            oCmd.CommandType = adCmdText
            oCmd.Parameters.Append oCmd.CreateParameter("UserID", adChar, adParamInput, 16, szUser)
            oCmd.Parameters.Append oCmd.CreateParameter("Password", adChar, adParamInput, 16, szPassword)
            Set oRS = oCmd.Execute

            If Not oRS.EOF Then
                IsAuthorized = True
            End If

            oRS.Close
            Set oRS = Nothing
            ' ADODB.Command has no Close method; releasing the reference is enough.
            Set oCmd = Nothing
            oConnection.Close
            Set oConnection = Nothing

    End Function
    
    
  3. Construct your dynamic SQL statement only after the given user ID and password have been checked for invalid characters. The most common way to do so is to use the Regular Expression component, RegExp, which was introduced with IE 5.0. Since describing it goes beyond the scope of this paper, we simply leave it to the reader.
The final thing to say in this regard is that the above-mentioned situation still applies even when you use the POST method (instead of GET) to submit your form. I strictly emphasize that using the POST method to submit a form is still not secure unless you apply the above-mentioned measures. There are several ways for an intruder to POST illegal information to your form, and therefore you cannot count on this alone. So, what we have said applies to any form (submitted by either the POST or the GET method) that processes user input.
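
The bypass described above, next to mitigations 2 and 3, as an added example that is not part of the original post. Python's sqlite3 module stands in for SQL Server and ADO so the code runs offline (an assumption of this example); the table rows, the function names and the allow-list pattern are constructed for illustration.

```python
import re
import sqlite3

PAYLOAD = "' OR 1 = 1 --"   # the user ID quoted in the article


def make_db():
    """Constructed sample data: a Login table shaped like the article's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Login (UserID TEXT PRIMARY KEY, Password TEXT)")
    conn.executemany(
        "INSERT INTO Login (UserID, Password) VALUES (?, ?)",
        [("Mehdi", "mypass"), ("O'Brien", "s3cret")],
    )
    return conn


def build_concatenated_sql(user, password):
    """Statement text as the article's first IsAuthorized builds it."""
    return ("SELECT * FROM Login WHERE UserID = '" + user +
            "' AND Password = '" + password + "'")


def is_authorized_concat(conn, user, password):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    sql = build_concatenated_sql(user, password)
    return conn.execute(sql).fetchone() is not None


def is_authorized_param(conn, user, password):
    """Mitigation 2: the statement text is fixed; values travel as parameters."""
    sql = "SELECT 1 FROM Login WHERE UserID = ? AND Password = ?"
    return conn.execute(sql, (user, password)).fetchone() is not None


# Mitigation 3: allow-list check before any dynamic SQL is built.
# Assumed policy for this example: 1 to 16 characters (the char(16) size used
# in the article) drawn from letters, digits, underscore, dot, @ and hyphen.
FIELD_RE = re.compile(r"[A-Za-z0-9_.@-]{1,16}")


def is_valid_field(value):
    """True only if the whole value matches the allow-list."""
    return isinstance(value, str) and FIELD_RE.fullmatch(value) is not None


def is_authorized_validated(conn, user, password):
    """Reject input outside the allow-list, then run the dynamic statement."""
    if not (is_valid_field(user) and is_valid_field(password)):
        return False
    return is_authorized_concat(conn, user, password)


def run_demo():
    """Run each variant against the same inputs and collect the outcomes."""
    conn = make_db()
    results = {
        "sql_sent": build_concatenated_sql(PAYLOAD, ""),
        "concat_payload": is_authorized_concat(conn, PAYLOAD, ""),
        "param_payload": is_authorized_param(conn, PAYLOAD, ""),
        "param_valid": is_authorized_param(conn, "Mehdi", "mypass"),
        "param_apostrophe": is_authorized_param(conn, "O'Brien", "s3cret"),
        "validated_payload": is_authorized_validated(conn, PAYLOAD, ""),
        "validated_valid": is_authorized_validated(conn, "Mehdi", "mypass"),
        "validated_apostrophe": is_authorized_validated(conn, "O'Brien", "s3cret"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:22} {value}")
```

The `validated_apostrophe` result shows the cost of relying on option 3 alone: a legitimate user ID containing an apostrophe is refused, while the parameterized form accepts it.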

15 July, 2010

7 Personality Types of Developers Today

From Webdesigner Depot:

Developers and programmers are meticulous individuals, and developers sometimes stand out even among themselves.

We introduced you to 7 types of designers in our article 7 Personality Types of Designers Today. Developers have peculiar traits and habits of their own. This article looks at 7 types of developers today and their defining characteristics.

“The best programmers are not marginally better than merely good ones. They are an order of magnitude better, measured by whatever standard: conceptual creativity, speed, ingenuity of design or problem-solving ability.”
—Randall E. Stross


Stereotyping is generally not good practice. But we’re not trying to squeeze individuals into categories. Rather, delineating these types can help you figure out where you stand and help you understand others.

1. The Self-Help Constructor




The self-help constructor does whatever it takes to get the job done with his experience and skill, no matter how limited.

For example, he may accomplish the job by finding open-source software and other free applications and tools. His best assets are his willingness to learn what he needs to complete the job and his ability to absorb the information like a sponge. He is resourceful, working with whatever is available to him.

Not every client will be impressed. Those who don’t know any better will praise his work, but the self-help constructor does not develop applications or plug-ins himself.

He merely exploits existing tools to construct something seemingly new for clients. With the wide range of sophisticated tools available today, this is becoming easier, but much less impressive.

2. The Experienced Old Man




He may not be the hippest guy in this energetic and creative field, but the experienced old man brings something valuable to the table: a wealth of knowledge and experience.

He may appear outdated, unable to keep up with the latest tools and technology, but he is wise and knows the basics like the back of his hand.

His battle stories of bygone days will fascinate and thrill. He may not be the fastest or most technologically savvy, but slow and steady wins the race, and he delivers the goods as he always has.

He proves that the old-school style of coding may be antique but isn’t extinct. He may not be your heaviest hitter, but in times of great need, you know you can count on the experienced old man to deliver.

3. The Hardcore Geek




Workaholic doesn’t begin to describe the hardcore geek, this martyr of developers. He goes beyond the call of duty to deliver the product and takes great pride in his work.

He spends his lunch hour at his desk working frantically to finish the project ahead of time. When he allows himself a little free time, he reads books, journal articles and the like to improve himself. Very much an introvert, he feels most comfortable in the world of code and programming jargon.

The more code the hardcore geek writes, the more content he feels. As great as he is with code, he makes for a much better worker bee than a leader.

4. The Scholarly Know-It-All




The scholarly know-it-all is a walking encyclopedia on programming. He can spend hours passionately discussing the history of a programming language or dissecting imperfect code.

He is the poet of the programming world, whose code is a work of art that can be appreciated and analyzed. Recursion is his middle name, and he tweaks every block of code to perfection, regardless of timelines or readability.

He sets high standards for himself, and his work sometimes complicates matters: a task that should take only an hour to complete takes him a few months. Mind you, he’s not incompetent. On the contrary, he is highly capable; but he makes work for himself by creating new tools and libraries and even reconstructing entirely new systems, all to meet his own standards.

He feels obliged to impart his knowledge to others and share his passion for the theory and technical intricacies of coding and programming. He tries his best to explain to clients why using state-of-the-art technology is so important. Every project is his precious child.

The scholarly know-it-all is great to have on your team, but be sure you can get him to spend his energy on the important details, rather than waste time satisfying his urge to delve into every nook and cranny.

5. The Ninja




The ninja is a man of few words and keeps to himself. While similar to the hardcore geek, he has more in his life than code and work.

He is an enigma: not outright friendly or forthcoming, but he works surprisingly well on a team. Everyone notices his tireless nature but can’t figure out how he does everything so well and so quickly. There is much evidence of his work but little evidence that he did it. “Show don’t tell” describes his modus operandi best.

Never outwardly frazzled (try as you might to throw him off), he resolves problems quickly and efficiently, regardless of time or place. The ninja’s stealth sends chills down your spine, and he leaves you wondering how he managed to accomplish his feat.

A lone ranger, he gets the job done regardless of his status on the team or his relationship with other members. His motto? Don’t have doubts; just resolve the problem quickly and efficiently. This no-nonsense attitude makes him an absolute joy to work with.

6. The Clever Ambassador




The clever ambassador is the face of the team. He is outspoken and the unofficial project manager. His knowledge of software development, project workflows and code theory is adequate, but he does very little of the actual programming or work.

He is quick to pick up leads and great at communicating with clients. He is the consummate ring-master, able to please both clients (the ferocious lions) and team members (the elephants that could easily trample him if they wanted).

In his supervisory role, the clever ambassador ensures that every project meets the requirements and satisfies the client. He is the go-between, representing the development team for the client and balancing client satisfaction with practicality.

Having to walk this tight rope, he often feels that he should be better compensated, despite never doing any heavy lifting (i.e. coding). He is the model who sits pretty in front of the camera selling the product, while the rest of the team (make-up artists, hair stylists, etc.) works behind the scenes, receiving lower payment for what amounts to the same work.

7. The Half-Cup Speedster




The half-cup speedster takes on multiple projects at once. He works much faster than most, but his amazing quantity is tarnished by its quality: his speed results from cutting corners and hacking core.

He feels that optimizing and checking code takes too long. His code is messy because he does not follow best practices and never makes use of object-oriented programming (OOP).

Amazingly, despite his code looking like a minefield, the product works just as intended. Cutting corners is generally not good practice, but in an impossible crunch, the half-cup speedster might be the person for the job.

Unfortunately, much like the handwriting of physicians, his code is practically indecipherable. Should someone need to fix a problem that surfaces later, they will surely encounter difficulties. You can’t fix what you can’t read or understand.


Written exclusively for Webdesigner Depot by Aidan Huang, a freelance front-end developer and designer. He is also an editor at Onextrapixel.

As we’ve seen, there are many types of developers in the field. Which do you most closely resemble? Have you met anyone who fits any of the categories mentioned here? Share your thoughts with us in the comments below…



7 Personality Types of Designers Today

From Webdesigner Depot:

Design is a universal language. It transcends all cultural and national boundaries. It is diverse and ever-changing. Despite the fact that designs can be universally appreciated, the artists behind them are all unique and talented individuals.

What kind of designer are you? What is your philosophy? How do you contribute to the design community? Designers from different walks of life might have similar answers to these questions, and yet we are all different.

Some designers take it upon themselves to educate those who have not yet developed an appreciation for Web design and art. Some designers aim to improve the overall quality of design on the Internet.

And of course, some designers strive primarily to make a good living from their talents so that they can live a comfortable life.

Whatever your reason for being a designer, you are unique.

  • If you want to be a well-paid designer, please the client.
  • If you want to be an award-winning designer, please yourself.
  • If you want to be a great designer, please the audience.

Spotting the 7 Different Designers




Human beings constantly wear masks to hide their true feelings, thoughts and personality quirks. Designers wear masks of their own: one to attend to clients, another to handle a project’s details, another to collaborate with colleagues and yet another to communicate with family and friends. Human nature is to wear a different mask according to the role one is playing.

Despite these masks, our true personality still shines through. There are seven different personality types of designers. Which one best describes you?

1. The Pablo Picasso Designer




A perfectionist, the Pablo Picasso designer does not stand for any pixel to be out of place or unsightly. Egotistical, he does not care about other people’s opinions, and he belittles them for their ignorance and lack of appreciation of design and the arts.

Principled, the Pablo Picasso designer has a strong mind and set beliefs that cannot be swayed by any amount of money. His only concern is for the ingenuity of ideas.

A man out to change the world of design, he does not succumb to the whims of clients, and he believes it is their loss if they do not heed his advice. Believing he is a cut above the rest, he admits to only a few other designers in the world being his peers. The Pablo Picasso designer sees himself, above all else, as an artist.

2. The Albert Einstein Designer




A smart man with an excellent work ethic, the Albert Einstein designer has the motto “No pain, no gain.” Unafraid of ridicule, he dares to be different.

If at first you don’t succeed, try, try and try again. Failure is the mother of all success, and the Albert Einstein designer has a never-give-up attitude that pushes him to continually reach his goals despite countless failures.

The Albert Einstein designer continues to create his own designs, putting them to the test in various design competitions. He may not get it right each time or win every competition, but he believes his hard work will eventually pay off and that he will be recognized for his talents and effort.

His strong faith and his belief in himself enable him to patiently wait for the day when he is praised for his contributions. To him, the question is not if he will be successful, but rather when will he attain his goals and be successful.

3. The David Copperfield Designer




The David Copperfield designer is a great storyteller and illusionist. Capable of anything, regardless of how seemingly impossible it is, he conjures the best designs for his clients.

Convincing his clients to hire him and only him to do everything is a simple task. Given everything he delivers to clients, he does not come cheap. After all, he gives them everything they want, which amounts to a cleverly constructed illusion. Using his great storytelling skills, he leads clients to believe that he is the only person they need to achieve their goals.

Behind the scenes, the David Copperfield designer orchestrates his illusions down to the second. Appearances can be misleading; outsourcing his tasks, he packages the result as his own work.

The client doesn’t realize who are the hard-working talents who support him. He manages the project and delegates work to others but claims credit in the end.

4. The Captain Hook Designer




Why create when you can steal? The Captain Hook designer is cunning and sly. He scouts for the most innovative and successful designs and makes them his own—not by blatantly duplicating, mind you, but by cleverly working in his own ideas and inspiration.

Craftily avoiding outright plagiarism, the Captain Hook designer mashes up several successful ideas to create a fresh “new” concept.

Money being his sole interest, the Captain Hook designer tries to squeeze as much as he can out of his designs. By making small, simple changes to the color, font and layout, he passes off designs as new creations.

Unfazed by whether he loses some clients, he simply finds new ones who are unaware of his tricks. He lives by the pirate code that dictates, “A good designer copies, but a great designer steals.”

5. The Mahatma Gandhi Designer




Believing he is obliged to right wrongs, the Mahatma Gandhi designer takes it upon himself to effect change through peaceful means. He feels an obligation to improve Web design standards, regardless of any difficulties or opposition he might face. If he has to achieve his goal one client at a time, he will gladly do so.

Sharing his design philosophy with whomever will listen, the Mahatma Gandhi designer tries to persuade others—designers, clients and the general public alike—to help him make the design industry a better place.

A forward-thinking man who sets trends, he advocates for what he believes is necessary to improve and sustain the design industry. Willing to sacrifice himself for the benefit of other designers, the Mahatma Gandhi designer does whatever he can to improve the world of design through peaceful and lasting change.

6. The Bashful Dwarf Designer




Shunning the spotlight, the Bashful Dwarf designer always feels like he could have done a better job. When praised, he is quick to share the credit with colleagues. Insecure about his talents, he is content to work behind the scenes and let others take the honor.

The Bashful Dwarf designer doesn’t think much of fame or fortune, and he prefers not to show his name or face. Lack of confidence is the cause: he believes many other designers out there deserve more recognition.

As long as he makes enough money to put a roof over his head and not go hungry, he remains content with his lot in life.

7. The Ella of Frell Designer




The real Ella of Frell fell under a spell and couldn’t say no to anyone. Slightly different, the Ella of Frell designer actually has a choice and does not have to do everything she is told.

Instead, she chooses not to decline her clients’ every wish. Believing the customer is always right, she goes out of her way to please clients. Clients never find fault with her because she is ever willing to make whatever changes they ask for. “No” is not in her vocabulary.

Often ignoring her better judgment, the Ella of Frell designer subjugates her design sense to the clients’ will in order to avoid displeasing them. She is at the client’s beck and call, night and day.

We Are All Different


Each designer has their own personality type. Whatever yours is, the important thing is to be true to yourself and honorable. Any one of the seven types covered here could be an extreme version of you, or you may see a little of yourself in each.

The only constant is change, and perhaps we have all been more than one of these seven at different times in our lives. We are, after all, always growing and hopefully wiser.



Written exclusively for Webdesigner Depot by Aidan Huang, a freelance developer and designer. He is also an editor at Onextrapixel.

Do you see yourself in any one of these personality types? Which best describes you? Share your thoughts on any Picassos, Einsteins, Hooks, Bashfuls, Copperfields, Gandhis and Ellas you may have encountered in this competitive industry.




7 Personality Types of Clients Today

From Webdesigner Depot:

In previous articles, we discussed seven types of designers and seven types of developers.

Designers and developers form two parts of the design trinity: the client completes it. You can have the technology to build something and the design to make it magnificent, but if someone doesn’t fund the project, it usually falls flat.

No one has the time to do such a thing for fun. Designers and developers need clients to build their portfolio, sustain their lifestyle and grow and learn.

Not all clients are difficult, so we’ll try not to stereotype. But in all honesty, the perfect client needs no introduction or description. The perfect client is rare, though not extinct.

Today’s article focuses on seven types of clients who aren’t so perfect. You can decide for yourself which of them are the lesser evils.

Common comments from clients:
“I want this done as well and as cheaply as possible.”
“This should be easy to do right.”

“I know of others who would do it for free, so please hurry up.”

“Don’t freelancers work for free?”

“I need a professional-looking and functional website, but I can only pay you when I start earning from it.”


Spotting the 7 Types of Clients


You have probably encountered all kinds of clients in your time. You may have worked with clients from hell, and you may have been lucky to work with amiable and respectful clients.

We need clients to sustain our business and to build our portfolio and reputation. Sometimes we have the luxury of choosing which projects to take on and which clients to work with.

So, who are these seven?

1. The Word-Breaker




“Promises are made to be broken,” says the word-breaker. Word-breaking clients remind us just how important it is to write a contract prior to commencing a project. Sometimes, though, even legal contracts do not prevent these clients from breaking their word. The word-breaker is dishonorable and can side-step the agreements in a contract. He expects you to honor your end but has no intention of fulfilling his own commitments.

The word-breaker is glib and charming, and he manipulates people into doing his bidding. He is always right in his own eyes and works hard to keep the upper hand. Be careful when dealing with the word-breaker because when something goes wrong, you will be the target in his firing range, and he will not hesitate to shoot you dead.
Client: “I’m the client! You can’t make me agree to your schedule!”

Freelancer: “But it’s in the contract you signed.”

Client: “That was a month ago—this is now!”

Freelancer: “You’ve changed your mind? Well, I could walk you through the creation process and explain why the schedule and the fee are as they are.”

Client: “I don’t care. I’m the client.”

2. The Garbage Collector




Less is not more—at least, not in the world of the garbage collector. As freelancers, we always hope that our clients have an idea of what they want, but the garbage collector goes to the extreme; prior to approaching you with his project, he has done plenty of research and assembled all of the designs that he likes.

This kind of person goes to a buffet and puts a little of everything on his plate. The garbage collector gathers all of the effects, functions and designs that have caught his eye and will insist that you include them in his project. The concept of usability is lost on him, even though you repeatedly try to explain it. It’s his way or the highway.

This type of client wants a construction worker, not a designer. “Do or do not; there is no try,” insists the garbage collector.

Client: “I hear a lot of new web technology has come out since we last spoke. Can you put all of it in our website?”

Freelancer: “Err, you won’t need all of it, and more features will cost you more.”

Client: “Then add $10 to the total cost. I’ll also need you to help me fill in the content, write a couple of articles and set up a marketing campaign for this.”

3. The Clueless Child




On the opposite end of the spectrum is the clueless child. Like a child with a short attention span, he is indecisive and ignorant. Working with the clueless child might not seem so bad at the beginning; he is agreeable and relies on your expertise. Problems arise after your initial agreement on the details of the project—when he starts to change his mind.

His interest was piqued by the details of the project, and now the clueless child is not so ignorant. Perhaps he has been hit by a sudden epiphany or has received feedback from friends, co-workers or other experts. He calls you in the middle of the night—whenever inspiration strikes—to tell you that he wants certain changes made.

It doesn’t end there. You make the changes he wants, and when he comes to view the project he brings his mother along. She then suggests more changes. After all, “Mom knows best.”

Client: “We want something that looks professional.”

Freelancer: “Okay.”

Client (three hours later, after you have sent proofs): “Get rid of that image and add this instead.”

Freelancer: “Okay.”

Client: “The blue isn’t right.”

Freelancer: “What Pantone color are we trying to match?”

Client: “Oh, you know—the color of the Miami sky at daybreak.”

4. The Queen of Hearts




Be prepared to be at the beck and call of the queen of hearts. A royal decree must always be obeyed, and the queen is of the opinion that you are blessed to be showered by her favor. She has no concept of weekends, public holidays or time itself. A summons in the middle of the night is a common occurrence.

Your loyalty is expected, your respect demanded. The queen of hearts wants you to fix all her problems, and she wants it done yesterday. She wants you to be a designer, developer, technician, networker, anti-virus expert, plumber and even nanny. Her wish is your command. And don’t expect to be paid extra—for she is your queen; obedience is your privilege.

Just learn to say, “Yes, your majesty.” And learn it fast or it’s “Off with his head!”

Client (calling at five minutes to midnight): “It’s not too late, is it? I Googled my name, and there is some nasty stuff about me on the Internet. This guy saying on his blog that I am an idiot. I want you to remove that blog and block the Internet if they keep writing crap about me.”

Freelancer: “I can’t do that.”

Client: “Well, get someone else to do it then. I want all nasty stuff about me removed from the Internet today. And make sure no one can write bad things about me again. I want you to control the Internet.”

Freelancer: “I can’t control it, and neither can you.”

Client: “Well, if you won’t do it, then I’ll find someone who will.”

Freelancer: “Good luck. Let me know how that goes.”

5. The Smart Aleck




The smart aleck thinks he knows it all. This client probably has an interest in design and has read a couple of books about it. He sticks his nose in the air and looks down at you from his pedestal. The smart aleck feels compelled to interfere because he wants his “expert views” to be taken into consideration.

The truth is: the smart aleck knows very little about design. He is arrogant, shows blatant disrespect and doesn’t think it beneath him to order you around and insist that his ideas are better than yours. He tells you everything without really saying anything. He has particular ideas about what he wants but never communicates them explicitly. “It’s so easy even a monkey could do it,” he claims.

Client: “I’ve studied design, so basically I know what I want.”

Freelancer: “Sure. What do you want exactly?”

Client: “You’re the designer. You come up with the idea—but it better match mine.”

Freelancer: (in astonished silence).

6. The Nitpicker




The nitpicker might seem a tad meticulous during the negotiation phase, but he appears normal on the whole. When you start production and show him your progress, though, you’ll see this client’s true colors.

“Hold it right there! I’ve got a bone to pick with you,” says the nitpicker. There is always something wrong with what you’ve done: the color is not what he envisioned, the border is a few pixels too wide, the images are not as exciting as he expected.

The nitpicker scrutinizes your work and never fails to find fault with it. His grip on the project is tighter than a noose. One could call him a perfectionist, but the truth is he’s just trying to get his money’s worth by ensuring that you work doubly hard for the money that you will wrench from his cold, unwilling hands.

Client: “The site looks great, but I need you to do it again.”

Freelancer: “Um, okay. What for?”

Client: “You know! You made the website on a Mac, so you need to make another one on a PC for people who don’t use fancy computers like you.”


7. The Scrooge




The scrooge wants everything for nothing. Discounts, freebies and sales make him happy. Even if he doesn’t need it, he wants to get his hands on a free item “just in case.” Like his namesake, this client is a money-pincher who gives you all kinds of trouble on payday.

Even prior to payday, expect plenty of issues with payment. And expect to battle for months with the scrooge over final payment for the project—you can certainly expect him to want the agreed-upon amount to be heavily discounted. The scrooge is the ideal person to bring to a bargaining market, but pray he is on your side and not the other.

When the project is completed and it’s time for the scrooge to cough up, you’re in for a surprise. He is not afraid to renege on your fees, and he insists on further discounts, despite your unwillingness. In his attempt to save money and reduce costs, he suggests a barter system or offers a monetary equivalent from his belongings. Expect the unexpected. Once you’ve been paid and are nearly out of earshot, the scrooge inevitably murmurs, “Bah, humbug!”

The war isn’t over either. Your dealings with the scrooge could be lifelong. He expects you to fix everything that crops up with his website, so don’t be surprised if the scope of your job expands over time.

Freelancer: “Here’s the invoice for $400.”

Client: “Okay, thanks.”

Three days pass.

Freelancer: “I think you made a mistake. You paid only $300.”

Client: “No, I gave myself a discount.”

Freelancer: “I never agreed to a discount.”

Client: “Well, we won’t be using the design anyway.”

Clients: Devil Incarnate?


Are all clients mean and pushy? Have you encountered clients who break the above stereotypes and are real gems? If you have, then you’re a lucky one.

Every client has a different level of knowledge of design and development. They also have different expectations. Not every client will appreciate your attempts to educate them on web design. Some will take the designer or developer for granted and try to bully them.

Still, blaming the clients entirely is not fair. They have been coddled and spoiled by designers and developers who condoned their methods and encouraged their outrageous behavior. If we want our industry to be fair and just, everyone has to do their part to prevent bullying. We are all responsible for the atmosphere of the industry.


Note: some quotations were extracted from the website Clients From Hell. Thumbnail image courtesy of Sébastien Roignant

Written exclusively for Webdesigner Depot by Aidan Huang, a freelance developer and designer. He is also an editor at Onextrapixel and is the owner of InspireMonkey, a creative blog.

Of the clients mentioned above, which do you detest the most? If you have a horror story of your own, feel free to vent in the comments section below. We are happy to hear about your client woes.
