73

If the below is you, please stop. I'm starting a revolution called #AnswerTheQuestion

A: Hey, just checked your code, you have a huge security issue in XYZ, you should really address that.

B: Oh god I had no idea, how do I fix it?

A: Well it depends on how you *want* to fix it, no one solution is always the right one.

B: ... Ok, well could you give me some advice?

A: Well, there are many ways to approach this kind of work, but all I can say is that this way is definitely not the correct one.

B: ... Ok, well how would you do it?

A: That would depend on the customer requirements.

B: ... the requirement is to have a website that isn't easily hackable, what do I do?

A: Nowadays, it's pretty hard to make a website completely not hackable.

B: ALL THE SERVERS ARE SHOWING RED, PLEASE HELP ME!!!

A: ........ you really shouldn't prejudge colours. The colour red doesn't always mean danger, depends purely on the use case.

Comments
  • 46
    @h3ll It depends though.
  • 8
    I answer this way sometimes to encourage entry and junior devs to either think about the correct question to ask or to encourage them to look for an answer on their own first. Of course, if it's a critical issue where production is going down and things are on fire that isn't always a good teachable moment.
  • 8
    Nobody likes it when someone points out problems without offering a solution. Screw nuance. If they ask, "Any idea how to fix this?" own up to the situation and recommend a course of action. Particularly if it's a security problem. Prefix your answer with IANAL or YMMV if that helps you sleep at night.
  • 9
    @h3ll the most accurate, but also incomplete.

    e.g. "It depends ... you could try A, B, C but you'll need to research each and see which one fits"

    Is a happy way to solve both issues
  • 4
    People think there's a switch that makes websites hackable or not.
  • 2
    @flag0 thanks marketing
  • 4
    @flag0 indeed, and the funny thing is: there is always a way even if you think you thought of everything.
  • 3
    The thing is that, indeed, there is no 'perfect' way. As OWASP usually says, if you look up solutions for a certain problem you get something like: good practices for avoiding x issue: examples. See what best fits your case, develop securely from scratch, and don't just add security measures to simply make that final point on the requirements list. We are called 'developers' for a reason: we aren't supposed to just copy, paste and mash code together, we are supposed to create solutions.
    P.S.: That involves (creative) thinking.
  • 2
    I think developers should never be taught that there is one right way to do things that "depend".
    Of course specifying a few various options helps as if you're working with them, of course you should give your advice for the best option.
    Having a one solution way of thinking can lead to locking yourself up with one solution to a problem.

    Though of course
    "There should be one-- and preferably only one --obvious way to do it.
    Although that way may not be obvious at first unless you're Dutch."