Security Ain't That Hard?

-
I've been researching what's required to make my application less vulnerable to things like SQL injection or other malicious attacks. Imagine my surprise when I discovered that I've apparently already done the two biggest things, which are using PreparedStatements and escaping special characters. I've googled quite a bit and these are the main things I've found so far.

According to the latter article I do need to do a few more small things, such as specifying the character encoding in my headers, but that seems to be about it... I'll be double-checking all my SQL to make sure there are no inappropriate uses of Statements, but apparently this issue is going to be a lot faster and easier than I expected. Rather shocking, really... Hopefully google hasn't lead me astray.

In other news I'm leaning towards revising the issue "Add error checking, unit testing, and integration testing using JUnit, DBUnit, FindBugs, etc." to just focusing on FindBugs and other similar tools for now. I've done some research on unit testing and in particular test driven development, and it's a huge topic and somewhat confusing. I did purchase a book, Test Driven Development By Example by Kent Beck, after seeing it recommended multiple places, so I think I'd like to revisit this topic after reading the book. I'll put The Pragmatic Programmer on hold for now.

Comments

Post a Comment

Popular posts from this blog

Git. The WHAT and WHY Edition.

-
Image
Lately I've seen a lot of new/aspiring developers talk about difficulties learning git . I was confused at first, because there are approximately a zillion git tutorials out there. But then I started really looking at what people were saying AND what all those tutorials contain. The problem is most tutorials start out with "here are a ton of git commands to memorize", and this is not where people are having problems. People are having problems with "what is git, why should I learn it, and what does it look like to use it in a real-life project?", and those questions are largely not answered in all those millions of tutorials. So at the risk of redundancy, I'm going to attempt to address these questions in Yet Another Article About Git. First, I want to make it clear that if you want to be a programmer, any kind of programmer, you need to know git. You just DO. This is the short version of the answer to "why should I learn it?".  The medium length a
Read more

"Does it get easier?" Yes, but Also No...

-
Image
Image by Arek Socha from Pixabay It's complicated... "Does it get easier?" I see some form of this question asked a lot in beginner programming groups. I always struggle with how to answer this honestly and clearly, because the truth is not that simple. In some ways it does get easier, but in other ways it is almost always going to be difficult if you are advancing in your career . If you are a programmer and your job is easy for years on end, the most likely explanation is that you're in the kind of dead-end position that people try to avoid, not the kind of position people dream about when they think of becoming a developer. Most likely you are not getting better at being a dev, not working with new tech or solving new kinds of problems, not being given more responsibility, etc. etc. etc. I've seen some pushback from other newbie programmers on the idea that it could remain difficult past the initial learning stage. Notably I have never once seen somebody who
Read more

How to Land Your First Dev Job: Develop Yourself, Market Yourself

-
Image
Image by magnetme from Pixabay In the coding and tech groups I'm in, I see the same question asked over and over by folks who are just learning to code, finishing up a bootcamp, degree, or other training program, or who have been looking for that first job for awhile and not having any luck: "what do I need to do to get my first dev job?" There's a whole ton of info out there on this topic, but it's scattered all over, so I thought I would gather together the best resources I've come across and share them, along with a bit of context, to try and help everybody struggling with or just plain wondering about this. There are a lot  of things you can do to improve your chances of finding a job and hopefully shorten your job search. They are broadly divided into 2 categories: developing yourself and your skills, and marketing yourself and your skills. Note that you don't need to do everything on this list, nor do you need to do it all at once. This is an "
Read more