Programming Security & reliability through implicit and explicit methods
It seems some people don't know when to use implicit ways of coding and when to use explicit ways of coding. I'm not talking about type casting, I'm talking about things like security checks or browser/Windows version checks.
I'm writing this because a couple of months ago I had a horrible time trying to get an app working that connects my laptop to the wireless internet on Win 2003, and it's because the coder's app required WinXP. It seems their code worked something like (pseudo code)
    Ver = WindowsVersion();
    if ( Ver == "XP" )
    {
        print "Installing app";
    }
    else
    {
        print "You can't run this app";
    }
When their code should have looked something more like
    Ver = WindowsVersion();
    if ( Ver == "95" OR Ver == "98" OR Ver == "ME" OR Ver == "2000" )
    {
        print "Sorry, you can't run this";
    }
    else
    {
        print "Install app";
    }
The obvious problem with the first version is that when Longhorn, Win 2008, Win 2050, etc. come out, your app will no longer work. Ok ok, yes you can cheat and use XP/2003's new concept of compatibility by lying to the app about the version name, but that's getting around poor code, instead of simply writing it correctly in the first place.
In times when you need to specify a Windows or browser version because you are using a feature ONLY available in those versions, you MUST assume future versions will also contain it.
This is a great example for websites. If you're using some fancy CSS/JavaScript and only IE 6.1 supports it, then say
    if ( IEVer >= 6.1 )
absolutely DO NOT say
    if ( IEVer == 6.1 )
because now you're excluding all future versions, and who wants to go back and fix old code? It's very possible you won't have the code anymore because it's lost, or you don't work on that project anymore (ex: new job).
I'd say the ONLY time you should explicitly list items is when you're talking about security. If you're doing an IP/username check then just list the IPs/usernames that are only allowed access. Do not apply explicit coding ideas to things that do not need explicit coding, it only causes headaches for users and yourself.
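Both rules side by side, as an added Python example that is not code from the original post: an open-ended minimum-version check for compatibility, and a default-deny allowlist for access. The function names, the sample users and networks, and the choice to require both username and IP to match are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy (hypothetical values): the ONLY identities allowed in.
ALLOWED_USERS = frozenset({"alice", "bob"})
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/28", "198.51.100.7/32")]


def parse_version(text):
    """Turn '6.10' into (6, 10) so parts compare as integers, not as text or floats."""
    return tuple(int(part) for part in text.strip().split("."))


def supports_feature(version, minimum):
    """Compatibility check: the minimum version and every later one passes."""
    have, need = parse_version(version), parse_version(minimum)
    # Pad the shorter tuple with zeros so '6.1' and '6.1.0' compare as equal.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def access_allowed(username, source_ip):
    """Security check: default deny, pass only on an explicit allowlist match."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # a malformed address never matches the allowlist
    in_network = any(addr in net for net in ALLOWED_NETWORKS)
    return username in ALLOWED_USERS and in_network


if __name__ == "__main__":
    for ver in ("5.5", "6.1", "6.10", "7.0"):
        print(ver, "feature ok" if supports_feature(ver, "6.1") else "too old")
    for user, ip in (("alice", "192.0.2.5"), ("mallory", "192.0.2.5"),
                     ("bob", "203.0.113.9")):
        print(user, ip, "allowed" if access_allowed(user, ip) else "denied")
```

Comparing versions as integer tuples matters for the open-ended check: as floating-point numbers, 6.10 would sort below 6.9 and a newer release would be rejected.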