No. 1: Playing it fast and loose
Failing to shore up the basics is the easiest way to undercut your code. Often this means overlooking how arbitrary user behavior will affect your program. Will the input of a zero find its way into a division operation? Will submitted text be the right length? Have date formats been vetted? Is the username verified against the database? Mistakes in the smallest places cause software to fail.
Some developers exploit the error catching features of the code to cover up these failures. They wrap their entire stack with one big catch for all possible exceptions. They dump the error to a log file, return an error code, and let someone else deal with the issue.
No. 2: Overcommitting to details
On the flip side, overly buttoned-up software can slow to a crawl. Checking a few null pointers may not make much difference, but some software is written to be like an obsessive-compulsive who must check that the doors are locked again and again so that sleep never comes.
Relentless devotion to detail can even lock up software if the obsessive checking requires communicating with a distant website over the network. I have several packages that slow to a crawl if I fire them up on a laptop without a Wi-Fi connection because they’re frantically trying to phone home to see if a new version might be available. The Wi-Fi LED flickers, and the software hangs, constantly looking for a hotspot that isn’t there.
The challenge is to design the layers of code to check the data when it first appears, but this is much easier said than done. If multiple developers work on a library or even if only one does all of the coding, it’s difficult to remember whether and when the pointer was checked.
No. 3: Not simplifying control
Too often, developers invite disaster by not simplifying control over tasks in their code.
Mike Subelsky, one of the co-founders of OtherInBox.com, is a keen advocate of there being one and only one place in the code for each job. If there are two places, odds are someone will change one but not the other. If there are more than two, the odds get even worse that someone will fail to keep them all working in the same way.
“Having worked on one code base for three-plus years, my biggest regret is not making the code more modular,” Subelsky says. “I’ve learned the hard way why the Single Responsibility Principle is so important. I adhere to it strongly in new code, and it’s the first thing I attack when refactoring the old code.”
No. 4: Delegating too much to frameworks
Sometimes the magic tools lead only to confusion. By abstracting functionality and assuming what we want, frameworks can all too often leave developers at a loss for what’s gone wrong in their code.
G. Blake Meike, a programmer based near Seattle, is one of many developers who finds over-reliance on automated tools such as Ruby on Rails a hindrance when it comes to producing clean code.
“Convention, by definition, is something outside the code,” Meike says. “Unless you know Ruby on Rails’ rules for turning a URL into a method call, for instance, there is no way, at all, that you will ever figure out what actually happens in response to a query.”
He finds that reading the code often means keeping a manual close by to decipher what the code is doing behind his back.
“The rules are, while quite reasonable, not entirely trivial. In order to work on a Ruby on Rails app, you just have to know them. As the app grows, it depends on more and more of these almost-trivial bits of external knowledge. Eventually, the sum of all the almost-trivial bits is decidedly not trivial. It’s a whole ecosphere of things you have to learn to work on the app and remember while you are debugging it,” he says.
To make matters worse, the frameworks can often leave you, and any who come after you, stranded with pretty code that’s difficult to understand, revise, or extend.
As Mike Morton, another programmer, explains, “They carry you 90 percent of the way up the mountain in a sedan chair, but that’s all. If you want to do the last 10 percent, you’ll need to have thought ahead and brought oxygen and pitons.”
No. 5: Trusting the client
Many of the worst security bugs appear when developers assume the client device will do the right thing. For example, code written to run in a browser can be rewritten by the browser to execute any arbitrary action. If the developer doesn’t double-check all of the data coming back, anything can go wrong.
One of the simplest attacks relies on the fact that some programmers just pass along the client’s data to the database, a process that works well until the client decides to send along SQL instead of a valid answer. If a website asks for a user’s name and adds the name to a query, the attacker might type in the name x; DROP TABLE users;. The database dutifully assumes the name is x and then moves on to the next command, deleting the table filled with all of the users.
There are many other ways that clever people can abuse the trust of the server. Web polls are invitations to inject bias. Buffer overruns continue to be one of the simplest ways to corrupt software.
To make matters worse, severe security holes can arise when three or four seemingly benign holes are chained together. One programmer may let the client write a file assuming that the directory permissions will be sufficient to stop any wayward writing. Another may open up the permissions just to fix some random bug. Alone there’s no trouble, but together, these coding decisions can hand over arbitrary access to the client.
No. 6: Not trusting the client enough
Sometimes too much security can lead paradoxically to gaping holes. Just a few days ago, I was told that the way to solve a problem with a particular piece of software was just to chmod 777 the directory and everything inside it. Too much security ended up gumming up the works, leaving developers to loosen strictures just to keep processes running.
Web forms are another battleground where trust can save you in the long run. Not only do bank-level security, long personal data questionnaires, and confirming email addresses discourage people from participating even on gossip-related sites, but having to protect that data once it is culled and stored can be far more trouble than it’s worth.
Because of this, many Web developers are looking to reduce security as much as possible, not only to make it easy for people to engage with their products but also to save them the trouble of defending more than the minimum amount of data necessary to set up an account.
My book, Translucent Databases, describes a number of ways that databases can store less information while providing the same services. In some cases, the solutions will work while storing nothing readable.