FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Lilupophilupop
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Lilupophilupop [message #176612 is a reply to message #176605] Wed, 11 January 2012 14:23 Go to previous messageGo to previous message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma:
Senior Member
On 1/11/2012 9:29 AM, M. Strobel wrote:
> Am 11.01.2012 01:31, schrieb Peter H. Coffin:
>> On Sat, 07 Jan 2012 18:27:15 +0100, Thomas Mlynarczyk wrote:
>>
>>> Jerry Stuckle schrieb:
>>>
>>>> Validating all input from the user is just good programming practice.
>>>
>>> And properly (!) escaping output (this includes stuff that goes into
>>> SQL queries). As I see it, these two simple measures should prevent
>>> 99% of all security vulnerabilities. I'd be interested in learning
>>> about the remaining 1% though.
>>>
>>>> Nothing new here - it just shows there are a lot of programmers out
>>>> there unconcerned with security.
>>>
>>> Indeed. But I don't understand why this is so. After all, we're not
>>> talking about the personal homepage of some newbie showing pictures
>>> of his dog and favourite cookie recipes. The problem exists also (if
>>> not especially) with real big professional sites, even sites where
>>> security is paramount (online banking), run by people who should have
>>> more than enough money to pay competent, security-aware programmers to
>>> do the job properly. I just don't get it.
>>
>> Good programmers and idiots are indistinguishable to anyone that is not
>> a good programmer. The people making the hiring decisions are not good
>> programmers. Ergo, idiots and good programmers get hired in proportion
>> to the frequency of each in the job market, and the idiots move on to
>> other positions far more frequently, voluntarily or involuntarily.
>>
>> Which also means that even if good programmers and idiots are in roughly
>> equal measure, the good programmers are not in the market for new jobs
>> nearly as often, make up a smaller portion of the market, and
>> not-programmers are unlikely to hire them by accident.
>>
>
> I agree.
>
> But beware the fallacy of the single cause. Good programmers and
> idiots can change under certain conditions - learn and un-learn
> good programming.

my 2 cent:

I seldom saw good programmers go downhill and become bad.

But a lot of bad programmers will never become good, because they lack
analytical skills. I do not know if it is nature or nurture (probably
both), but many people simply lack analytical skills.

>
> And even good programmers make compromises in their code under
> the pressure of time-to-market.

Yes, but good programmers complain clearly to the client/boss when they
are expected to deliver something complex in a short time.
Take some pride in your work!

I flat out refuse when I expect my work will suck. I do not mind some
healthy pressure, but when I am expected to take all kinds of
strange/stupid shortcuts, I simply refuse.
Unless you do drone-work, you must have some time to think and reflect
on the code you produce.

Regards,
Erwin Moller


--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Running function in the background?
Next Topic: Magic quotes? Should I still be cautious?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 23:29:40 GMT 2024

Total time taken to generate the page: 0.04514 seconds