In order to write secure code... no matter how important your input is, do not trust the client; validate input data even at the back-end.
Think of client-side validation just like a good interface: it eases the user's life and reduces hits on the server... no more than that.
Last Egyptian Physicist
www.ameen.rr.nu
What? That's all you got!? I've seen this s**tstuff for years!
What's so bad about being explicit about what you don't accept as a valid value?
Besides that, we also have a lot of literal values here. Checking the length against a constant or some configuration entry can be helpful, especially because the code's valid length may have changed over time. Throwing a plain vanilla exception with a literal message is also sloppy. It's not that hard to derive custom exception classes for your application, and it would help in avoiding Pokemon exception handling.
I'm invincible, I can't be vinced
My fix
If IsPrime(90*code.Length+61) Then
Throw New Exception("Code should be 5 or anything above 7 characters long.")
End If
modified 27-Jan-12 10:13am.
Are you a member of Obfuscators Anonymous?
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
posting about Crystal Reports here is like discussing gay marriage on a catholic church’s website.[Nishant Sivakumar]
Yeah, at the Novice rank. I hope to go up to Apprentice this year.
Hey, VB is great. It is much easier than C#. I do everything in C# but don't hate on VB.
The difference between VB and C# is syntax, thanks to the .NET framework. But if you ask what I think, C# is better. Ultimately, though, it comes down to preference.
Just goes to show that some programmers haven't got a clue!
A perpetual holiday is a good working definition of hell.
"code.Length <> 5" is far too easy!
Indeed...
Dim counter As Long
For Each c As Char In code
    counter = counter + 1
Next
If counter < 5 Then
    Throw New Exception("The code is to short!")
ElseIf counter = 6 Then
    Throw New Exception("The code is to long!")
ElseIf counter = 7 Then
    Throw New Exception("The code is to long!")
Else
End If
It's an OO world.
public class Naerling : Lazy<Person>{
public void DoWork(){ throw new NotImplementedException(); }
}
Much better! LOL
bwa
P.S.: Does the happy face get output??
The happy face is a hidden VB feature in .NET 4
It's an OO world.
public class Naerling : Lazy<Person>{
public void DoWork(){ throw new NotImplementedException(); }
}
Surely "The code is tOO short"
It's an OO world, remember.
Indeed, not enough Objects...
It's an OO world.
public class Naerling : Lazy<Person>{
public void DoWork(){ throw new NotImplementedException(); }
}
These instances of code changes were not done by a programmer. A developer maybe, but not a programmer.
Perhaps we could debate a bit on the difference between programmer and developer?
Anyway, whoever made those changes had no clue what they were doing, so it seems.
It's an OO world.
public class Naerling : Lazy<Person>{
public void DoWork(){ throw new NotImplementedException(); }
}
I certainly agree that the coder was inept.
On the subject of developer vs programmer: even though my title is "Sr Developer Architect", I consider myself a programmer. I'm as comfortable using vi and make as I am Eclipse or Visual Studio. Therein lies the difference to me. I feel the word developer connotes one who requires the modern IDE with all its pop-up hints, which 95% of the time just get in my way.
Then there is vi, where one never has to take their hands off the keyboard to do virtually everything possible when it comes to the programming process.
I live in both worlds in my efforts.
Now all of that is entirely subjective observation so it's really not debatable. But I would be interested in your thoughts.
I'm going to destroy the Earth with my Illudium Q-36 Explosive Space Modulator! - Marvin Martian
MarvinMartian wrote: I'm going to destroy the Earth with my Illudium Q-36 Explosive Space Modulator! - Marvin Martian
Ehhh... What's up, doc?
I always felt a programmer to be more like someone who writes code that he is told to write, while a developer thinks of how the code should be written and can write it too (somewhere between a programmer and an architect, maybe?). I think my contract says I'm a software developer just like all my colleagues, but when it comes to coding new libraries and thinking about architecture I am a lot better than my colleagues, who couldn't name a single Design Pattern or SOLID principle. And when it comes to that, you are, judging from your title, far more skilled and knowledgeable than me, even though you consider yourself a programmer.
I think everyone who writes code should have a basic but solid understanding of architecture, no matter their title. I think programmers and developers work on a small part of the software while architects overlook the entire project. But then again, I work at a small company that doesn't have architects.
It's an OO world.
public class Naerling : Lazy<Person>{
public void DoWork(){ throw new NotImplementedException(); }
}
It's interesting that we have the exact opposite view of what it is we think we are. LOL
It may be that when I started, there were no developers, only programmers. While in high school in the late '60s I wrote my first FORTRAN programs. They did nothing, but they did spark an interest.
I became a mechanical engineer, primarily for the $$, however I continued programming my stress analysis in FORTRAN and gradually began to like that more than building amazing things out of steel etc.
I now occasionally do electronic design, embedded coding, and real-time data collection from operating room instrumentation, all while "architecting" financial solutions using SOA at a large life insurance company.
I'm not boasting by any means. There is much I don't know. That's why I'm about to take a crash (8-week) course, "Advanced Java Programming", just so I can put it on my resume. (And take the official certification. You gotta know all the buzz words and acronyms.) In fact I learn something from every project I work on.
I'm currently discovering Android development having just installed everything I need. No iOS for me, I've seen "objective C", it ain't C! Also there is that $100 here and there and you can only develop on a Mac. (You can run iOS in VMWare but it crashes if the app you're running wants to identify the Mac you're running on!)
I am also proud of the fact that at age 63 I still have the urge to do this and learn more. Now that is the boast! LOL
I'm going to destroy the Earth with my Illudium Q-36 Explosive Space Modulator! - Marvin Martian
Can see this happening in Python:
if len(code) in [0, 1, 2, 3, 4, 6, 7]:
    ...
Don't forget to rate my post if it helped!
"He has no enemies, but is intensely disliked by his friends."
"His mother should have thrown him away, and kept the stork."
"There's nothing wrong with you that reincarnation won't cure."
"He loves nature, in spite of what it did to him."
Naerling wrote: Throw New Exception("Code should be 5 characters long.")
Well, shouldn't the error change accordingly?
Throw New Exception("Code should be 5 characters long or should exactly not be 6 characters or oh wait, not exactly 7 characters too, anything other than that.")
-
Just that something can be done, doesn't mean it should be done. Respect developers and their efforts!
Jk
Hi all,
I think the following could also qualify as a coding horror, but I intentionally wrote it this way (one giant LINQ statement) because of a discussion with a colleague:
Directory.EnumerateFiles(args[0], "*.cs", SearchOption.AllDirectories).AsParallel().Select(f => new { File = f, Bytes = File.ReadAllBytes(f) }).Select(f => new { File = f.File, Bytes = f.Bytes, Encoding = f.Bytes.Take(3).SequenceEqual(new byte[] { 239, 187, 191 }) ? Encoding.UTF8 : Encoding.Default }).ForAll(f => File.WriteAllText(f.File, f.Encoding.GetString(f.Bytes).Split(new string[] { Environment.NewLine }, StringSplitOptions.None).Select(l => new { Line = l, Index = l.Select((c, i) => new { Char = c, Index = i }).FirstOrDefault(c => c.Char != ' ' && c.Char != '\t') }).Select(l => l.Index == null ? l.Line : l.Line.Select((c, i) => (i < l.Index.Index && c == '\t') ? " " : c.ToString()).Aggregate((s1, s2) => s1 + s2)).Aggregate((s1, s2) => s1 + Environment.NewLine + s2), f.Encoding));
Here's another version where I tried to get a proper formatting:
static void Main(string[] args)
{
    Directory.EnumerateFiles(args[0], "*.cs", SearchOption.AllDirectories).
        AsParallel().
        Select(f => new {
            File = f,
            Bytes = File.ReadAllBytes(f)
        }).
        Select(f => new {
            File = f.File,
            Bytes = f.Bytes,
            Encoding = f.Bytes.Take(3).SequenceEqual(new byte[] { 239, 187, 191 })
                ? Encoding.UTF8 : Encoding.Default
        }).
        ForAll(f => File.WriteAllText(f.File,
            f.Encoding.GetString(f.Bytes).Split(
                new string[] { Environment.NewLine }, StringSplitOptions.None).
                Select(l => new { Line = l, Index = l.
                    Select((c, i) => new { Char = c, Index = i }).
                    FirstOrDefault(c => c.Char != ' ' && c.Char != '\t') }).
                Select(l => l.Index == null ? l.Line : l.Line.
                    Select((c, i) => (i < l.Index.Index && c == '\t')
                        ? " " : c.ToString()).Aggregate((s1, s2) => s1 + s2)).
                Aggregate((s1, s2) => s1 + Environment.NewLine + s2), f.Encoding));
}
So what does this do?
args[0] should be a directory where C# files are located (*.cs). It opens all files, does a bit of encoding analysis (this might not work in every case, but it's fine for me), replaces tabs at the beginning of each line with spaces (4 for each tab), removes all spaces and tabs in otherwise totally empty lines, and writes the file back with the proper encoding.
Interestingly, this runs faster than I would have expected. For a codebase with about 8800 files it runs in just a few seconds. I would even think (haven't measured it) that searching, reading and writing the files is more time consuming than the rest of the LINQ in between.
Robert
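The behaviour Robert describes (BOM-based encoding detection, leading tabs to four spaces, whitespace-only lines emptied, file written back in the same encoding), reimplemented here in Python as an added example that is not the original post's code; it assumes 4 spaces per tab and uses cp1252 as a stand-in for Encoding.Default, and the sample input is constructed.

```python
import os
from typing import Tuple

UTF8_BOM = b"\xef\xbb\xbf"
TAB_WIDTH = 4          # assumption: spaces substituted for each leading tab
DEFAULT_CODEC = "cp1252"  # assumption: stand-in for .NET's Encoding.Default


def detect_encoding(data: bytes) -> Tuple[str, bytes]:
    """Mirror the post's check: a UTF-8 BOM in the first three bytes means UTF-8,
    anything else is treated as the platform default encoding."""
    if data[:3] == UTF8_BOM:
        return "utf-8", UTF8_BOM
    return DEFAULT_CODEC, b""


def normalise_line(line: str) -> str:
    """Replace tabs in the leading whitespace only; a line that is nothing but
    spaces/tabs becomes empty. Tabs after the first visible character are kept."""
    stripped = line.lstrip(" \t")
    if not stripped:
        return ""
    indent = line[: len(line) - len(stripped)]
    return indent.replace("\t", " " * TAB_WIDTH) + stripped


def normalise_source(data: bytes, newline: str = "\r\n") -> bytes:
    """Decode with the detected codec, normalise every line, re-encode with the
    same codec and put the BOM back if there was one."""
    codec, bom = detect_encoding(data)
    text = data[len(bom):].decode(codec)
    lines = text.split(newline)
    return bom + newline.join(normalise_line(l) for l in lines).encode(codec)


def normalise_tree(root: str) -> int:
    """Rewrite every *.cs file under root in place; returns the number of files touched."""
    count = 0
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".cs"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                with open(path, "wb") as fh:
                    fh.write(normalise_source(data))
                count += 1
    return count
```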
It's so bad, you can't even get it in the right forum...
Panic, Chaos, Destruction. My work here is done.
Drink. Get drunk. Fall over - P O'H
OK, I will win to day or my name isn't Ethel Crudacre! - DD Ethel Crudacre
I cannot live by bread alone. Bacon and ketchup are needed as well. - Trollslayer
Have a bit more patience with newbies. Of course some of them act dumb - they're often *students*, for heaven's sake - Terry Pratchett