"Rather than get away from the concept of the password required completely, the password is hard coded as 'password'"...
I literally just heard this statement, from a senior software engineer ten feet from my desk to another engineer as they consulted with one another about the system they are working on. And I simply can't let it go... So here I am to have a moan....
This kind of thinking really annoys me. They could make the password optional through configuration, so the option stays present and supported. Or they could remove passwords altogether, because 'password' as a password is no password at all: it only invites an attacker to rip the soul from your data and scatter it to the four winds.
But more than that: if the password check is useless code, remove it. Don't complicate the system, and don't add to the effort of maintaining the code.
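As an added illustration (not code from the post or from the system it describes), here is the hard-coded check beside the configurable alternative the post argues for: when the requirement is switched off, no password code path runs at all; when it is on, the check is against a salted hash, not a literal. `AuthConfig`, `make_config` and `login_configured` are hypothetical names.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# --- The pattern the post complains about: a literal password that is always checked ---
HARDCODED = "password"

def login_hardcoded(supplied: str) -> bool:
    # The check still has to be maintained, but it protects nothing:
    # anyone who reads the source (or guesses the obvious) gets in.
    return supplied == HARDCODED

# --- The alternative: the password requirement is a configuration option ---
@dataclass
class AuthConfig:
    require_password: bool          # False => the password code path is never executed
    salt: bytes = b""               # only populated when require_password is True
    password_hash: bytes = b""      # PBKDF2-HMAC-SHA256 of the real password

PBKDF2_ROUNDS = 200_000  # illustrative iteration count

def make_config(password: Optional[str]) -> AuthConfig:
    """None disables the requirement; otherwise store a salted hash, never the password."""
    if password is None:
        return AuthConfig(require_password=False)
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return AuthConfig(require_password=True, salt=salt, password_hash=digest)

def login_configured(cfg: AuthConfig, supplied: Optional[str]) -> bool:
    if not cfg.require_password:
        return True                 # feature genuinely off: nothing to maintain, nothing to leak
    if supplied is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", supplied.encode(), cfg.salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, cfg.password_hash)   # constant-time comparison
```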
There are so many faults in the way this engineer is thinking that I'm quite pleased I don't work directly with them; and luckily, as they're departing these fair shores in a fortnight, I never will.
Aaaannnnnddd... Relax...
Seriously though, folks: don't over-complicate things. If you use good source control you can easily resurrect sections of code from previous revisions, so get drastic, get smarter in the process, and chop your code to bits.
This video, from about the 2 1/2 minute mark, really shows the process through someone else's eyes... and I agree with him when he talks about thinking about what's beyond scope; however, this also needs to be considered from the point of view of maintaining the code once it's released.