[1] Is what (I believe) they were talking about. Rather than configuring these in a sane way you just scan configuration barcodes. I didn't see anything on the list that was too dangerous but you could change the maximum input length or allow full ASCII encoding which could be dangerous if the programmers assumed that the barcode reader returns a fixed length string of numbers.

[1] https://cdn.sparkfun.com/assets/b/5/0/e/e/DY_Scan_Setting_Ma...

honestly that sounds like a super-convenient and easy to use approach. field-configuring in an instant without any specialized hardware is great.

... but yeah, it should require pressing a recessed button with a pin or something. not allow it all the time.

Bingo. The better ones will only accept scantags if you scan the "enter config mode" within 30 seconds after power-on, for instance. Or yes, a hidden button on the underside of the checklane.

That's rare though, and sometimes the installer disables it for convenience while they're debugging the system and never re-enables it. So the vast majority of scanners in the wild will happily accept an enter-config-mode at any time.

A lot of them are configured by literally scanning settings. These "settings" barcodes are often left out in the open, or east to recreate. I used to have a "cheat sheet" when i managed scanners in a warehouse

https://downloads.dell.com/manuals/all-products/esuprt_tab_m...