Comment On None for All

Hans used less XML, and now he had two problems.

Re: None for All

2013-02-04 14:52 • by Jazz (unregistered)
400540 in reply to 400529
Anonymous:
Herein lies the problem with ORMs. The SQL is actually easier to write, maintain, and understand. And since NULL cannot equal anything, it would probably just take care of this. Should have been a stored procedure. ;)

Captcha: decet. As in ORMs are deceitful.


The ORM has nothing to do with this. The programming error would have been the exact same WTF even if it had been written in raw SQL:


String criteria_sql = "SELECT * FROM `employee_data` ";
if( requestUser != null ){
    if( requestUser instanceof Employee ){
        Employee employee = (Employee) requestUser;
        criteria_sql = criteria_sql + "WHERE `id` = " + employee.id;
    }
}
return executeQuerySomehow( criteria_sql );

Re: None for All

2013-02-04 14:59 • by PiisAWheeL
Great. The only thing missing is some obscure piece of regex and the trifecta is complete.

Re: None for All

2013-02-04 15:05 • by dkf
400542 in reply to 400533
Rick:
Hell it might even go viral!
What, like H5N1 'flu, HIV or Ebola? Thanks a bunch!

Re: None for All

2013-02-04 15:56 • by Pablo (unregistered)
This is a great example of using failsafes - if your authentication ever fails, you can still safely access all of your data!

Re: None for All

2013-02-04 17:54 • by pjt33
400544 in reply to 400516
Jack:
I thought OOP was supposed to conceal the details of the implementation, and only expose an interface where you get and set values and the class takes care of figuring out how to make that happen.

That's procedural programming with classes, often mistaken for OOP.

Re: None for All

2013-02-04 20:37 • by Meep (unregistered)
400545 in reply to 400496
faoileag:
Jack:
if (requestUser == null) {
    requestUser = 'xsmith';
}

requestUser is not an instance of String, it's an instance of User

The correct line would therefore have to be something like:
requestUser = new User('some_dummy_name');


No, it would be requestUser = User.makeInvalidUser(), and it would return a subclass of User that overrode the method isAuthenticated to return false. Or it could even be a special guest user that exists but simply has no permissions.

Re: None for All

2013-02-05 01:30 • by Gunslinger (unregistered)
400547 in reply to 400542
dkf:
Rick:
Hell it might even go viral!
What, like H5N1 'flu, HIV or Ebola? Thanks a bunch!


Thanks Obama!

Re: None for All

2013-02-05 02:26 • by löchlein deluxe (unregistered)
400548 in reply to 400491
Ken:
bug:

Criteria criteria = new Critera();

Is that the new three-way boolean expression I've been hearing about?

No, it's the way you have to name things in **ails if you want auto-generated code to work. Oh how I wish I was kidding.

Re: None for All

2013-02-05 02:48 • by Norman Diamond (unregistered)
Lorne Kates:
(who can trust ctrl-c / ctrl-v in these hectic, Enterprise Cloud-based times?)
Embarrassingly enough for me, after having advocated ctrl-c / ctrl-v in this forum a few weeks ago, I have to admit that it cannot be trusted.

I took the hard drive out of a PC whose backlight burnt out but still had Windows XP working when an external monitor was attached.

I used a USB-to-SATA cable to connect the hard drive to a PC running Windows 7.

I opened Windows Explorer, selected a bunch of folders, ctrl-c, explored to a folder on the internal drive of the new PC, ctrl-v.

Windows Explorer told me about 30 times that it couldn't copy files because the filenames were too long. Sometimes it showed part of the base filename but it didn't show the entire path. Windows suggested that I change the filename, but didn't provide any button or edit box to do so, just skip or cancel or maybe repeat the fail without change. Sometimes I could guess where the original files were. I didn't handwrite a complete list. Well, that was yesterday. Today is worse.

Today I happened to look at a folder where Windows Explorer did copy files to. A folder where Windows Explorer did not complain about invalid filenames or inability to copy files. A folder where Windows Explorer pretended to succeed.

Today I noticed that some filenames differed from the originals.

ctrl-c / ctrl-v? In Windows 7? Just say no.

Re: None for All

2013-02-05 03:21 • by my name (unregistered)
Happened into a similar feature at the university some 15 or so years ago.

There were old Macs using some text terminal software to connect to a system named LADOK, a system which stored all information on completed and ongoing courses. These terminals were available to any student (well really anyone at all) in case you wanted to check your grades for that Haskell introduction course.

To retrieve your information, you entered your 10-digit personal number, similar to social security number I guess, only that the 6 first digits are your birth date. By substituting the last four digits with spaces you could enter any date and retrieve a list of students born on that date, their full personal numbers and their grades. Can't recall if it "only" reported students at the local university or if it was for the whole of Sweden.

Re: None for All

2013-02-05 03:35 • by Gyxi (unregistered)
It's a classic scenario. They had correctly functioning code without the check on whether the user is null. Then someone entered a non-existing user name and the system gave a NullPointerException. A junior developer was told to fix the error and did by checking for null first.

- sagaciter, n. a person that likes to tell quotations from old sagas.

Re: None for All

2013-02-05 11:23 • by Mike (unregistered)
400599 in reply to 400488
Buffalo buffalo buffalo?

Re: None for All

2013-02-05 11:31 • by Mike (unregistered)
400602 in reply to 400500
Probably just tested with a few users and yep it only showed their data so ... Then our WTF guy decided to use the webservice directly rather than go through the page (which might enforce login at the website level) and didn't use it "correctly". A lot of edge cases never get tested at a lot of places because "it will never happen".

Re: None for All

2013-02-05 11:44 • by Neil (unregistered)
400606 in reply to 400540
Jazz:
The ORM has nothing to do with this. The programming error would have been the exact same WTF even if it had been written in raw SQL:


String criteria_sql = "SELECT * FROM `employee_data` ";
if( requestUser != null ){
    if( requestUser instanceof Employee ){
        Employee employee = (Employee) requestUser;
        criteria_sql = criteria_sql + "WHERE `id` = " + employee.id;
    }
}
return executeQuerySomehow( criteria_sql );

That's not raw SQL, you're still casting the user to an employee on the client side. You want

SELECT * FROM employee_data INNER JOIN users ON partner WHERE users.id = ?

If the user isn't an employee then his partner is null and you get no records.

Re: None for All

2013-02-05 11:48 • by Neil (unregistered)
400607 in reply to 400549
Norman Diamond:
I opened Windows Explorer, selected a bunch of folders, ctrl-c, explored to a folder on the internal drive of the new PC, ctrl-v.
So I take it you'll be using ROBOCOPY from now on?

Re: None for All

2013-02-05 18:52 • by danixdefcon5
Easy to fix:

if (requestUser == null)
    throw new SecurityException("Nice try, smartass!");

Bonus points as SecurityExceptions are logged by the App Server.
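
The fail-open query shape discussed in this thread next to a fail-closed version, as an added example that is not part of any comment here. `User`, `Employee`, `InvalidUser` and `Query` are hypothetical stand-ins for the application's types, and the code assumes Java 16 or later.

```java
import java.util.List;

public class FailClosedQuery {
    // Hypothetical stand-ins for the application's User/Employee types.
    static class User { boolean isAuthenticated() { return true; } }
    static class Employee extends User { final long id; Employee(long id) { this.id = id; } }
    // The "invalid user" idea from the thread: a User that is never authenticated.
    static class InvalidUser extends User {
        @Override boolean isAuthenticated() { return false; }
    }
    // A statement plus its bind parameters, as they would go to a PreparedStatement.
    record Query(String sql, List<Object> params) {}

    // Fail-open: the filter is optional, so a null or non-Employee caller
    // falls through to an unfiltered SELECT over every row.
    static Query failOpen(User requestUser) {
        String sql = "SELECT * FROM employee_data";
        if (requestUser instanceof Employee e) {
            return new Query(sql + " WHERE id = ?", List.of(e.id));
        }
        return new Query(sql, List.of());
    }

    // Fail-closed: the WHERE clause is unconditional, and anything that is not
    // an authenticated Employee is rejected before a query is ever built.
    static Query failClosed(User requestUser) {
        if (requestUser == null || !requestUser.isAuthenticated()) {
            throw new SecurityException("unauthenticated request");
        }
        if (!(requestUser instanceof Employee e)) {
            throw new SecurityException("caller is not an employee");
        }
        return new Query("SELECT * FROM employee_data WHERE id = ?", List.of(e.id));
    }

    public static void main(String[] args) {
        User[] callers = { new Employee(42), new InvalidUser(), null }; // constructed sample callers
        for (User u : callers) {
            String who = (u == null) ? "null" : u.getClass().getSimpleName();
            System.out.println(who + " fail-open:   " + failOpen(u));
            try {
                System.out.println(who + " fail-closed: " + failClosed(u));
            } catch (SecurityException ex) {
                System.out.println(who + " fail-closed: rejected (" + ex.getMessage() + ")");
            }
        }
    }
}
```

Only the `Employee` caller gets a query from `failClosed`; with `failOpen` the `InvalidUser` and `null` callers both receive the unfiltered statement.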

Re: None for All

2013-02-06 15:55 • by OOP?!? (unregistered)
400768 in reply to 400544
pjt33:
Jack:
I thought OOP was supposed to conceal the details of the implementation, and only expose an interface where you get and set values and the class takes care of figuring out how to make that happen.

That's procedural programming with classes, often mistaken for OOP.


Unfortunately, sometimes that's all you want in these OOP languages, and so you end up creating some terrible classes.

Re: None for All

2013-02-06 22:11 • by Leonidas (unregistered)
<!-- Madness? This is Sparta!!! -->

Something something akismet. Suscipere. Frist? First? Fstir?

Re: None for All

2013-02-07 15:22 • by EsotericNonsense (unregistered)
Well, I don't see what the big problem is; it's a one-line fix.