Alexandre Hetu was thrilled to not only be out of college, but to land a job at a small development company. He was even happier when he was given his first assignment: develop a shiny, brand-new application.

"I'm surprised they don't have any software to do this now," Alexandre told his boss after learning the business requirements, "or, were they using some vendor product?"

"Actually," his boss said sheepishly, "this is technically replacing an earlier system we built. Once you get in, you'll see why."

His boss wasn't joking. The thousands of lines of code where a wonderful mess, a redundant, unreadable and lengthy mess. It was filled with function names like "doit", "printit" and "makeit". And naturally, there were no comments... the code was self-documenting.

One thing Alexandre noticed was that the original developer was very concerned with database security. Not security as in, using prepared SQL statements. Or security as in escaping parameters sent through the web interface. It was security, as in this:

procedure TDataModule1.DataModuleCreate(Sender: TObject);
begin
   conn.connectionstring:=decodeit('F?@Z[SfLSX/}~xÉpÉÇzÅ~fJEH?CLtâxb/'
   + 'Étzrp_JtÑÅcLtÉp{Ç}pÅc/~ÉÑPJ@LtÅptÅ_/Å~u/tÅÑstr~Å_/tÇdJ|{ÄÇz~~{'
   + 'LtrÅÑ~b/pÉpSJg^aTgn]^XcPadcRPULv~{pÉpR/{pxÉx}XJbca^_TaQTfLSX/ÅtÇ'
   + 'dJtÑÅcL~u}X/àÉxÅÑrtb/ÉÇxÇÅt_JEDCQTfLsÅ~ÜÇÇp_J@=QST[^[`bLÅtsxÖ~Å_');
end;

And, fifteen lines of code later, there was this:

function decodeit(thistext:string):string;
var tempstr:string;
    counter:word;
begin
   tempstr:='';
   if length(thistext)>0 then
   for counter:=length(thistext) downto 1 do
      tempstr:=tempstr+chr(ord(thistext[counter])-15);

   result:=tempstr;
end;

Alexandre wasn't so thrilled any more.