Thread: Common programming errors

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    Common programming errors

    I'm wondering about something: What are the most common programming errors that can cause a security threat? I know about the buffer-overflow problem, but are there more well-known programming errors?

    The source of all programming errors is that the programmers don't have time to look through their code. Due to deadlines, programs are released without being properly tested.
    ---
    proactive

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    My COBOL lecturer always says, "Debugging code is 10 times harder than coding. Thus, if you code to the best of your ability and try to make it complex and fancy, you are technically not smart enough to debug it."

    He basically says this so that we keep things simple and not try to make it too fancy and complex, as it would be impossible to debug.

    Greg
    "Do you know what people are most afraid of?
    What they don't understand.
    When we don't understand, we turn to our assumptions."
    -- William Forrester

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    That's a good point. Sometimes you see programmers try to make the code as tiny as possible, but then it gets too cryptic and difficult to understand. It has happened too many times that I sit and debug code that doesn't do what it's supposed to. And then I do a little something, and suddenly the code works. I don't really understand why, but I let it pass anyway.

    I discussed the technique of pair programming with someone at work. It's simple: one who types and one who just checks the code the other has written. Seems that's a bad way to spend resources, but at least you get much cleaner, less buggy code. And that's a good thing! So we came to the conclusion that pair programming is something we should give a shot.
    ---
    proactive

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    Yeah, sounds like a good way to tackle the situation.

    I also believe it's CRUCIAL to have very clear documentation. If you as the programmer check the code, and someone else checks it after you, it would be much much easier for them to check through it effectively and efficiently if you provide them with good documentation.

    If they can clearly understand what you are trying to do in a section of code, they may be able to find a better and simpler solution. It's a pain to document code, but it makes it much easier in the future for maintenance and updates, etc.

    Greg
    "Do you know what people are most afraid of?
    What they don't understand.
    When we don't understand, we turn to our assumptions."
    -- William Forrester

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    for c friends a good reference:
    http://www.comsc.ucok.edu/~pcarter/f...-c-errors.html

    and for java fans:
    http://www.open.ac.uk/StudentWeb/m874/!synterr.htm
    cheers,
    the only thing that doesn't change is everything will always change.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    and another one with more security background:

    http://www.suse.co.uk/uk/support/howto/secprog/

    cheers,
    the only thing that doesn't change is everything will always change.

  7. #7
    Junior Member
    Join Date
    Feb 2002
    Posts
    13
    Pair programming is awesome.

    We tried it at one company I worked for and being able to put two minds together gives you a much broader knowledge base, and having someone over your shoulder as you code forces you to be more critical of what you code. You catch things so much easier. Wish we were still doing it at my present company.

    I also agree with hot_ice - documentation is soooo necessary! Ever go back and look at code you wrote a year prior and think - "What the heck was I trying to do here???"

    And you're thinking this while looking at code you YOURSELF wrote. Imagine going another step back and reading someone ELSE'S undocumented code.
    ~~ Mindy...HERE

    "It works on MY computer!"

  8. #8
    i use pair programming as well and it works great
    i usually forget about pre and post conditions otherwise

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    734
    Oh, they all laughed at me at work when I said that their huge expensive start-up password program could be bypassed by pressing Ctrl+C. They all laughed at me...

    ... but they aren't laughing now! mw ha ha ha ha!
