Re: Re: Use placeholders. For SECURITY!

by hardburn (Abbot)
on Nov 14, 2003 at 16:01 UTC


in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

I'd rather employ someone who knows how to do right and uses placeholders than someone who uses placeholders because they saw an article on a website that told them they should "for security." The former's understanding would be far more valuable than the latter's best practices.

I think it's more common that programmers think they know how to do it right, and will probably even be able to fool an interviewer into thinking they know how to do it right, but will often miss an edge case. Or perhaps they know how to do it right for MySQL, but the same code doesn't catch a potential problem for PostgreSQL.

I understand enough to know that I don't understand, which might sound self-detrimental, but it actually puts me way ahead of programmers who think they know what they're doing but actually get it wrong. Admitting the fact that I don't understand the complete problem set, I use placeholders because someone who does understand already did the work for me. If that person actually didn't understand (i.e., there's a bug in a DBD's placeholder mechanism), it's a lot easier to change the DBD module than to fix a lot of programs in production.

That's not even touching on the other benefits of placeholders, like efficiency of cached statements (especially in a mod_perl environment).

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated
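As an added illustration of the points in the post above (this is not hardburn's code), a small DBI script that uses placeholders and prepare_cached; it assumes DBD::SQLite is installed and uses an in-memory database in place of MySQL or PostgreSQL, with constructed sample names.

```perl
#!/usr/bin/perl
# Added example (not from the original post). Assumes DBI and DBD::SQLite
# are installed; an in-memory SQLite database stands in for MySQL/PostgreSQL.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

# Constructed sample input: a legitimate name containing a single quote and
# a value containing backslashes. Both are edge cases for hand-rolled quoting
# (MySQL treats backslash as an escape character by default; PostgreSQL with
# standard_conforming_strings on does not). With placeholders the DBD applies
# the right rules, so the program does not have to know them.
my @names = ("O'Brien", 'C:\temp\backup', 'plain');

# Placeholders: the statement text is fixed; values travel separately.
# prepare_cached() compiles the statement once per handle and reuses it,
# which is the cached-statement efficiency the post mentions for mod_perl.
my $ins = $dbh->prepare_cached('INSERT INTO users (name) VALUES (?)');
$ins->execute($_) for @names;

# Look up one user by name, again with a placeholder.
sub find_user {
    my ($dbh, $name) = @_;
    my $sth = $dbh->prepare_cached('SELECT id, name FROM users WHERE name = ?');
    $sth->execute($name);
    my $row = $sth->fetchrow_hashref;
    $sth->finish;    # release the cached handle for the next caller
    return $row;
}

for my $n (@names) {
    my $row = find_user($dbh, $n);
    printf "%-16s -> %s\n", $n,
        $row ? "id $row->{id}, stored as [$row->{name}]" : 'not found';
}

# Contrast: interpolating the value into the SQL text. The quote in "O'Brien"
# ends the string literal early and the statement no longer parses; a
# hand-written escaper would need each database's rules to get this right.
my $bad = "SELECT id FROM users WHERE name = '$names[0]'";
eval { $dbh->selectrow_array($bad); 1 }
    or print "interpolated query failed: $@";

$dbh->disconnect;
```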


Re: Re: Re: Use placeholders. For SECURITY!
by mpeppler (Vicar) on Nov 14, 2003 at 16:43 UTC
    I understand enough to know that I don't understand...
    Indeed. This is probably similar to what my Dad (an ex-air force pilot) used to say about pilots: beginners are very careful, and experienced pilots are careful. It's the intermediates that are really dangerous, because they think they know everything, but they don't know enough to know that they don't.

    Michael

    PS - I hope that last sentence makes sense :-)

Re: Re: Re: Use placeholders. For SECURITY!
by sauoq (Abbot) on Nov 14, 2003 at 18:47 UTC
    I think it's more common that programmers think they know how to do it right

    Sure, but I think you missed my point. I'd rather hire someone who understands the issues and uses best practices than someone that just uses best practices without really knowing why they are "best".

    I understand enough to know that I don't understand, which might sound self-detrimental

    That sounds both honest and like you have a realistic perspective on what you'd need to learn. Those are two other good qualities that one might look for in an interview.

    Regarding how one might fool an interviewer, that's quite true. It depends on the skill of the interviewer as well as his proficiency in the technical material being covered. (Assuming it's a technical interview.)

    -sauoq
    "My two cents aren't worth a dime.";