FUDforum: comp.lang.php » Lilupophilupop

Home » Imported messages » comp.lang.php » Lilupophilupop

Show: Today's Messages :: Polls :: Message Navigator

Re: Lilupophilupop [message #176612 is a reply to message #176605]

Wed, 11 January 2012 14:23

Erwin Moller
Messages: 228
Registered: September 2010

Karma:

Senior Member

On 1/11/2012 9:29 AM, M. Strobel wrote:
> Am 11.01.2012 01:31, schrieb Peter H. Coffin:
>> On Sat, 07 Jan 2012 18:27:15 +0100, Thomas Mlynarczyk wrote:
>>
>>> Jerry Stuckle schrieb:
>>>
>>>> Validating all input from the user is just good programming practice.
>>>
>>> And properly (!) escaping output (this includes stuff that goes into
>>> SQL queries). As I see it, these two simple measures should prevent
>>> 99% of all security vulnerabilities. I'd be interested in learning
>>> about the remaining 1% though.
>>>
>>>> Nothing new here - it just shows there are a lot of programmers out
>>>> there unconcerned with security.
>>>
>>> Indeed. But I don't understand why this is so. After all, we're not
>>> talking about the personal homepage of some newbie showing pictures
>>> of his dog and favourite cookie recipes. The problem exists also (if
>>> not especially) with real big professional sites, even sites where
>>> security is paramount (online banking), run by people who should have
>>> more than enough money to pay competent, security-aware programmers to
>>> do the job properly. I just don't get it.
>>
>> Good programmers and idiots are indistinguishable to anyone that is not
>> a good programmer. The people making the hiring decisions are not good
>> programmers. Ergo, idiots and good programmers get hired in proportion
>> to the frequency of each in the job market, and the idiots move on to
>> other positions far more frequently, voluntarily or involuntarily.
>>
>> Which also means that even if good programmers and idiots are in roughly
>> equal measure, the good programmers are not in the market for new jobs
>> nearly as often, make up a smaller portion of the market, and
>> not-programmers are unlikely to hire them by accident.
>>
>
> I agree.
>
> But beware the fallacy of the single cause. Good programmers and
> idiots can change under certain conditions - learn and un-learn
> good programming.

my 2 cent:

I seldom saw good programmers go downhill and become bad.

But a lot of bad programmers will never become good, because they lack
analytical skills. I do not know if it is nature or nurture (probably
both), but many people simply lack analytical skills.

>
> And even good programmers make compromises in their code under
> the pressure of time-to-market.

Yes, but good programmers complain clearly to the client/boss when they
are expected to deliver something complex in a short time.
Take some pride in your work!

I flat out refuse when I expect my work will suck. I do not mind some
healthy pressure, but when I am expected to take all kinds of
strange/stupid shortcuts, I simply refuse.
Unless you do drone-work, you must have some time to think and reflect
on the code you produce.

Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens

Report message to a moderator

[Message index]

		Lilupophilupop By: M. Strobel on Sat, 07 January 2012 12:15
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 13:15
		Re: Lilupophilupop By: Thomas Mlynarczyk on Sat, 07 January 2012 17:27
		Re: Lilupophilupop By: J.O. Aho on Sat, 07 January 2012 17:52
		Re: Lilupophilupop By: Jerry Stuckle on Sat, 07 January 2012 21:02
		Re: Lilupophilupop By: Peter H. Coffin on Wed, 11 January 2012 00:31
		Re: Lilupophilupop By: M. Strobel on Wed, 11 January 2012 08:29
		Re: Lilupophilupop By: Jerry Stuckle on Wed, 11 January 2012 13:42
		Re: Lilupophilupop By: Erwin Moller on Wed, 11 January 2012 14:23
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 13:28
		Re: Lilupophilupop By: M. Strobel on Sat, 07 January 2012 15:13
		Re: Lilupophilupop By: Thomas 'PointedEars' on Sat, 07 January 2012 17:03
		Re: Lilupophilupop By: Gregor Kofler on Sat, 07 January 2012 19:34
		Re: Lilupophilupop By: M. Strobel on Sun, 08 January 2012 13:53
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 14:27
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 15:00
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 17:29
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 20:49
		Re: Lilupophilupop By: Gregor Kofler on Sun, 08 January 2012 21:59
		Re: Lilupophilupop By: Jerry Stuckle on Sun, 08 January 2012 22:38

Previous Topic:	Running function in the background?
Next Topic:	Magic quotes? Should I still be cautious?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 27 14:20:22 GMT 2024

Total time taken to generate the page: 0.07883 seconds