Comments on: TalesFromTheSmellySide(Of Code) – Episode #2 – SQL Injection Infection http://lostechies.com/joeybeninghove/2007/11/02/talesfromthesmellyside-of-code-episode-2-sql-injection-infection/ Just another LosTechies site Fri, 15 Oct 2010 23:08:45 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: jlockwood http://lostechies.com/joeybeninghove/2007/11/02/talesfromthesmellyside-of-code-episode-2-sql-injection-infection/#comment-73 jlockwood Wed, 07 Nov 2007 20:38:25 +0000 /blogs/joeydotnet/archive/2007/11/02/talesfromthesmellyside-of-code-episode-2-sql-injection-infection.aspx#comment-73 Heh, my first software project was a big DOD app in Java/C++. I guess one rather rank smell was our invented scripting language for the persistence layer that read pretty much like assembler. Or maybe distributing "smart" UI frames through DCOM. ...Heck, I wouldn't know where to start. I think our problem was far too many clever folks on a big project. We committed two major sins during that project. 1. The solution was overly complex, extremely difficult to maintain, and was developed by siloed teams. 2. We used DCOM to distribute processing, but ended up "over distributing" what would now be called services. This was bad for performance and ended up contributing to a brittle system. Heh, my first software project was a big DOD app in Java/C++. I guess one rather rank smell was our invented scripting language for the persistence layer that read pretty much like assembler. Or maybe distributing “smart” UI frames through DCOM.

…Heck, I wouldn’t know where to start. I think our problem was far too many clever folks on a big project. We committed two major sins during that project.
1. The solution was overly complex, extremely difficult to maintain, and was developed by siloed teams.
2. We used DCOM to distribute processing, but ended up “over distributing” what would now be called services. This was bad for performance and ended up contributing to a brittle system.

]]> By: Jimmy Bogard http://lostechies.com/joeybeninghove/2007/11/02/talesfromthesmellyside-of-code-episode-2-sql-injection-infection/#comment-72 Jimmy Bogard Fri, 02 Nov 2007 19:31:11 +0000 /blogs/joeydotnet/archive/2007/11/02/talesfromthesmellyside-of-code-episode-2-sql-injection-infection.aspx#comment-72 *sigh* this really brings me back. Though mine were usually of the variant: "DELETE tblCustomer WHERE ID='" + Request.QueryString["id"] + "'" Pretty funny. *sigh* this really brings me back.

Though mine were usually of the variant:

“DELETE tblCustomer WHERE ID=’” + Request.QueryString["id"] + “‘”

Pretty funny.

]]>