Have you defended?
Glory 2002
In the book "C Traps and Pitfalls" (Chinese translation by Gaowa), Andrew Koenig has this passage about "defensive programming":
Do not make too many assumptions about the program's users or the compiler! I still remember a conversation I had with a user while developing a system:
"What codes can occur in this part of the record?"
"The possible codes are X, Y, and Z."
"What if a code other than X, Y, or Z appears? What should the program do?"
"That is impossible."
"Well, but if it does happen, the program needs to do something appropriate. What do you think it should do?"
"I don't care."
"Do you really not care?"
"Correct."
"So, if the program deletes the entire database when it detects a code other than X, Y, or Z, would you mind?"
"That's terrible. You must never delete the entire database!"
"So you do care what the program does in this case. What do you want it to do?"
We know that no matter how unlikely something is, it sometimes happens. A robust program should take such abnormal situations into account.
(Note: the text above is quoted from the Chinese edition of the book.)
This was not the first time I encountered the idea of "defensive programming", and even 14 years ago it was not Andrew's original invention, but this passage suits my taste very well: it sounds extreme, yet it is indisputable.
Two years ago I wrote a program that executed SQL statements in a variety of ways according to user preferences. It ran very well until one day an engineer complained to me that he could not store a long SQL statement in the database.
This really surprised me! I had never imagined that someone would write a SQL statement longer than 4,000 characters. Later I changed that field's type to a blob.
Now suppose programmer A writes program A and programmer B writes program B. Program B has a user interface: it accepts user input and stores it in the database; program A parses and uses that data.
One day program A suddenly crashed. On inspection, because program B was badly written, users could enter illegal data through program B's interface, and that data reached program A. It was this illegal data that crashed program A.
Undoubtedly program B needs to be improved, but what about program A? Hey, Mr. A, have you defended?
At the entry point of "user-defined data" we should of course pay attention to validating that the data is legal; but whether illegal data has any consequences is decided only when it is parsed and used, and "defined data" may come from all sorts of sources (such as direct writes to the database). Therefore "defending" becomes the unshirkable responsibility of the modules that parse and execute.
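The following is an added example (not code from the original post) of what "defending" looks like in the parsing module described above. It combines the two lessons on this page: Koenig's record whose code "cannot" be anything but X, Y or Z, and the over-long field that surprised the author. The record layout ("code|payload"), the 64-byte payload limit, the status codes and the sample rows are all assumptions constructed for this example. Program A never trusts that program B validated anything; every bad row is reported and counted instead of crashing the process.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stored-record layout: one code character, '|', then a payload.
 * The writer (program B) is expected to emit codes X, Y or Z only. */
enum parse_status {
    PARSE_OK = 0,
    PARSE_UNKNOWN_CODE,   /* the "impossible" fourth code from Koenig's dialogue */
    PARSE_TOO_LONG,       /* the 4,000-character SQL lesson: bound every copy */
    PARSE_MALFORMED       /* missing separator, empty line, NULL pointer */
};

#define MAX_PAYLOAD 64    /* assumed limit for this example */

struct record {
    char code;
    char payload[MAX_PAYLOAD + 1];
};

/* Parse one stored line into *rec. Returns a status instead of assuming the
 * data is well formed; rec is only written on PARSE_OK. */
enum parse_status parse_record(const char *line, struct record *rec)
{
    const char *payload;
    size_t len;

    if (line == NULL || rec == NULL)
        return PARSE_MALFORMED;

    /* Exactly one code character followed by '|'. Reading line[1] is safe
     * because line[0] was checked to be non-NUL first. */
    if (line[0] == '\0' || line[1] != '|')
        return PARSE_MALFORMED;

    /* Codes other than X, Y, Z "cannot happen", so handle them explicitly. */
    if (line[0] != 'X' && line[0] != 'Y' && line[0] != 'Z')
        return PARSE_UNKNOWN_CODE;

    payload = line + 2;
    len = strcspn(payload, "\n");          /* length up to end of line */
    if (len > MAX_PAYLOAD)
        return PARSE_TOO_LONG;             /* never copy into a fixed buffer unchecked */

    rec->code = line[0];
    memcpy(rec->payload, payload, len);
    rec->payload[len] = '\0';
    return PARSE_OK;
}

/* Process a batch of stored rows. Returns the number accepted and reports the
 * number rejected through *rejected; one bad row never stops the batch. */
int process_all(const char *const *rows, size_t n, int *rejected)
{
    int accepted = 0;
    size_t i;

    *rejected = 0;
    for (i = 0; i < n; i++) {
        struct record rec;
        enum parse_status st = parse_record(rows[i], &rec);
        if (st == PARSE_OK) {
            accepted++;
        } else {
            (*rejected)++;
            fprintf(stderr, "row %lu rejected (status %d): %.20s\n",
                    (unsigned long)i, (int)st, rows[i] ? rows[i] : "(null)");
        }
    }
    return accepted;
}

/* Constructed sample rows: what program B might have stored, including rows
 * its author would have called impossible. */
static const char *const sample_rows[] = {
    "X|order 1001\n",
    "Y|refund 17\n",
    "Q|???\n",                              /* code outside X, Y, Z */
    "Zno separator\n",                      /* malformed */
    "Z|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"  /* payload of 70 bytes: too long */
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n",
};
#define SAMPLE_COUNT (sizeof sample_rows / sizeof sample_rows[0])

int main(void)
{
    int rejected = 0;
    int accepted = process_all(sample_rows, SAMPLE_COUNT, &rejected);
    printf("accepted %d, rejected %d\n", accepted, rejected);
    return rejected ? 1 : 0;
}
```

The design point is that the parser returns a status rather than printing and exiting, so the caller decides what "appropriate processing" means (log and skip, quarantine the row, or stop the batch), which is exactly the question Koenig's user at first refused to answer.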
- End -