Pessimistic Development
-
Recently I was going through a code written by one of the developer. I just got startled by the way a user message confirmation page was named and the message was being passed to it. It was a little user information page named as 'ErrorDisplay.aspx' and he is passing message to it like ?lErrorMessage=Data has been updated successfully&sErrorIdentificationNumber=4232343523&ErrorDateTime= I was just curious and tryed to enter a alert('Dog') and it immediately pounced back to a 'Potentially Dangerous Page...' from .NET Framework. At the glance, I could guess the following are the horrors in this part of the code: 1) Wrong nomenclature to the file 2) Too big variable names. After all, QueryString is limited right? The developer is not expectant of any appraisal from the user. 3) Cross Site Scripting vulnerability 4) Bad and inconsistent variable naming. When I was thinking over this, a few days back, we had a discussion in a technical forum regarding dependency of Exceptions for normal application flow, which is really a strain on the server besides the pathetically poor programming practice.
Vasudevan Deepak Kumar Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson