To be fair, Apps Hungarian is a somewhat useful hack around a language lacking a proper type system. A real type system would let you have a type for, say, a user-supplied string, and a separate type for the same string that's been escaped for display in an HTML page. Then it's impossible for you to introduce an XSS vulnerability by echoing back attacker-controlled information without first escaping it properly, because the type system literally prevents you from doing that. Unfortunately, most languages just give you one String type to work with. So, for lack of a better option, you can encode the escaped-or-not part of the type information in the name of the variable instead (which, while not being statically checked, at least makes it easy to code-review whether or not things are being used right). Systems Hungarian would also probably be an acceptable hack if a programming language you were using happened to completely lack a type system, but those don't tend to be in common usage, and you don't tend to write your entire application in raw asm anyway.

# Jun 11, 2013 13:53
hackbunny posted: We get it Joel, you're an IT entrepreneur who was the youngest PM at Microsoft and held his own against Bill loving Gates,

About that: http://web.archive.org/web/20110608155400/http://www.classiccmp.org/pipermail/cctech/2005-April/042999.html

# Jun 11, 2013 14:07
Zombywuf posted: About that: http://web.archive.org/web/20110608155400/http://www.classiccmp.org/pipermail/cctech/2005-April/042999.html

For the lazy:

quote: On the Joel Spolsky subject he was a basically ignorant junior employee

# Jun 11, 2013 14:18
Jabor posted: To be fair, Apps Hungarian is a somewhat useful hack around a language lacking a proper type system.

It's a naming convention that provides zero type safety.

# Jun 11, 2013 14:21
tef posted: It's a naming convention that provides zero type safety.

Well yeah, but it makes wrong code obviously wrong, which is the next-best thing if for some reason you can't programmatically ensure correctness. Another option is to use type annotations and such in conjunction with an actual analysis tool that tells you if you gently caress up, but for some reason even when people write annotation-based type checkers for dynamic languages they just stick with the bare-minimum "this is a string, this is a number" instead of letting you implement a real type system.

# Jun 11, 2013 14:44
Jabor posted: Well yeah, but it makes wrong code obviously wrong, which is the next-best thing if for some reason you can't programmatically ensure correctness.

No it doesn't. Joel claims it does, but that doesn't make it so.

# Jun 11, 2013 14:51
hackbunny posted: Oh gently caress PHP, gently caress it hard. Is there a saner language that compiles to PHP, like CoffeeScript compiles to Javascript? This poo poo is un-loving-believable

http://haxe.org/doc/start/php

I haven't done much with haxe outside a dumb platformer flash game, but it doesn't seem too horrible.

# Jun 11, 2013 15:08
tef posted: No it doesn't.

"No, Joel said it so it must be wrong" is also a pretty dumb argument if that's the direction you're going in. I'm not a huge fan of the guy, and I think naming something "rgwphczButtes" is goddamn retarded, but it doesn't mean the idea is completely without merit.

# Jun 11, 2013 15:19
tef has made this post several times before (some in this very thread!); relying on naming conventions to enforce type safety rather than your actual type system is balls-out stupid. E.g. if a function should only be fed input that has already been filtered, make its input argument of type FilteredFoo or whatever, so you get an error if you try and pass it unfiltered data rather than relying on someone noticing the absence of a prefix indicating clean-ness (lol good luck with that).

# Jun 11, 2013 15:48
That's more than obvious, but that seems like something you can only do in statically typed languages.

# Jun 11, 2013 16:09
Hard NOP Life posted: That's more than obvious, but that seems like something you can only do in statically typed languages.

You can still do type or functionality checks in dynamic languages. A loose convention of variable names provides no protection at all; the moment you start to find misnamed variables or bugs you lose the ability to trust what you see, just like old inaccurate comments. There will always be a better option to provide safety that doesn't rely on a fallible interpretation.

# Jun 11, 2013 16:18
Hard NOP Life posted: That's more than obvious, but that seems like something you can only do in statically typed languages.

It's actually easier in dynamically typed languages, but the downside is that you get a runtime error rather than a compile-time error. E.g. in Perl I can use Moose's type magic to not only do the check, but (continuing with the earlier example) to also perform the coercion from the unfiltered data to filtered data rather than explicitly calling a function to do it.

# Jun 11, 2013 16:19
Is there an equivalent to Moose in Python and PHP? Or are you reduced to having to manually check types at the beginning of each function if you want that assurance?

# Jun 11, 2013 16:30
Hard NOP Life posted: Is there an equivalent to Moose in Python and PHP? Or are you reduced to having to manually check types at the beginning of each function if you want that assurance?

PHP has the option of specifying classes for arguments, e.g., function foo(MyClass $bar). Passing a value that isn't a MyClass object causes a fatal error.

# Jun 11, 2013 17:04
Can't really do that with strings afaik, I'd love to know how to do it though if it's possible: http://codepad.org/uEhtyiRi

code:

# Jun 11, 2013 18:01
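An added illustration (not code from any poster in the thread) of the earlier point about giving escaped and unescaped strings different types, and of the question just above about doing that for strings in PHP: wrap the escaped string in a class, and PHP's class type hints enforce the distinction at the output layer. SafeHtml, fromText, concat and render are made-up names, and the input is a constructed sample.

```php
<?php
// Added example: an "escaped for HTML" type as a PHP class, so the type hint
// on render() does the job a variable-name prefix can only hint at.

final class SafeHtml
{
    private $html;

    // Private: the only way to obtain a SafeHtml is through the factories below,
    // so no caller can smuggle an unescaped string into the type.
    private function __construct($html)
    {
        $this->html = $html;
    }

    // The single place where raw, possibly attacker-controlled text is escaped.
    public static function fromText($text)
    {
        return new self(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
    }

    // Joining two already-safe fragments yields a safe fragment; joining with a
    // plain string is refused by the type hint on $other.
    public function concat(SafeHtml $other)
    {
        return new self($this->html . $other->html);
    }

    public function __toString()
    {
        return $this->html;
    }
}

// The output layer accepts only SafeHtml. Passing a plain string is rejected
// by PHP itself (a catchable fatal error in PHP 5, a TypeError in PHP 7+),
// which is the "FilteredFoo" argument idea from earlier in the thread.
function render(SafeHtml $fragment)
{
    echo $fragment, "\n";
}

$untrusted = '<script>alert(1)</script>';   // constructed sample input
$label     = SafeHtml::fromText('Name: ');

render($label->concat(SafeHtml::fromText($untrusted)));
// render($untrusted);   // would not run: string given where SafeHtml required
```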
Innocent Bystander posted:

Holy poo poo PHP.

# Jun 11, 2013 18:06
Hard NOP Life posted: Is there an equivalent to Moose in Python and PHP? Or are you reduced to having to manually check types at the beginning of each function if you want that assurance?

You could write wrappers in Python:

Python code:

# Jun 11, 2013 18:07
Suspicious Dish posted: Holy poo poo PHP.

You can only do this with classes; in most cases that's all you need. PHP's type coercion, as maligned as it is, allows you to not worry about the types of primitives 99% of the time. Whenever you see a "horror" that runs into type coercion, it's almost always something someone deliberately constructed to be clever, rather than an actual bug in code.

# Jun 11, 2013 18:28
Hard NOP Life posted: Is there an equivalent to Moose in Python and PHP? Or are you reduced to having to manually check types at the beginning of each function if you want that assurance?

For PHP, you can use XHP and avoid cross-site scripting/HTML escape issues pretty conveniently. Meanwhile, in Python, it depends on the templating language you use, but there are sensible options.

# Jun 11, 2013 19:04
Tiny Bug Child posted: You can only do this with classes; in most cases that's all you need. PHP's type coercion, as maligned as it is, allows you to not worry about the types of primitives 99% of the time. Whenever you see a "horror" that runs into type coercion, it's almost always something someone deliberately constructed to be clever, rather than an actual bug in code.

Nope! After reading this blog post I discovered this horrible vulnerability in some of our production code. http://danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-strcmp.html

PHP code:

# Jun 11, 2013 20:42
Suspicious Dish posted: Holy poo poo PHP.

This arises, as with a number of PHP's other issues, because the PHP parser is a huge hack job that can't cope with certain things. You can use the type hinting syntax to require that an argument be of a user-defined class type, but it doesn't work for the built-in/primitive types because the bare words that would be used to mean those types have special meaning to the parser. If I recall correctly.

# Jun 11, 2013 20:47
Deus Rex posted: Nope! After reading this blog post I discovered this horrible vulnerability in some of our production code.

...who thought it would be a good idea to return the same value on success as on error?

# Jun 11, 2013 20:49
senrath posted: ...who thought it would be a good idea to return the same value on success as on error?

At least it got fixed for 5.3 apparently, and with use of the === operator.

# Jun 11, 2013 20:50
Deus Rex posted: Nope! After reading this blog post I discovered this horrible vulnerability in some of our production code.

Blame that on whoever decided to use strcmp() to test two strings for equality. If they hadn't tried to overcomplicate things and simply tested ($_GET['secret'] == 'TOP_SECRET_PASSWORD'), it would have worked perfectly. Was there some need to see which password came first alphabetically?

# Jun 11, 2013 20:55
Tiny Bug Child posted: Blame that on whoever decided to use strcmp() to test two strings for equality.

# Jun 11, 2013 21:10
Jerry SanDisky posted: This is a thing of beauty.

PHP isn't C. It's 2013, and you don't have to call a function to compare variables anymore.

# Jun 11, 2013 21:12
Tiny Bug Child posted: Blame that on whoever decided to use strcmp() to test two strings for equality. If they hadn't tried to overcomplicate things and simply tested ($_GET['secret'] == 'TOP_SECRET_PASSWORD'), it would have worked perfectly. Was there some need to see which password came first alphabetically?

Using == would introduce another problem: https://bugs.php.net/bug.php?id=54547

In our case, the strings to be compared were HMAC-MD5 hashes. The final fix was to use the strict, non-coercing operator ===.

# Jun 11, 2013 21:18
Tiny Bug Child posted: If they hadn't tried to overcomplicate things and simply tested ($_GET['secret'] == 'TOP_SECRET_PASSWORD'), it would have worked perfectly.

Coding horrors: post the code that makes you laugh (or cry)

# Jun 11, 2013 21:27
I continue to find code like

code:

# Jun 11, 2013 22:12
Tiny Bug Child posted: PHP isn't C. It's 2013, and you don't have to call a function to compare variables anymore.

How many equal signs do we have to use to do a correct comparison in PHP these days?

# Jun 11, 2013 22:13
Tiny Bug Child posted: Blame that on whoever decided to use strcmp() to test two strings for equality. If they hadn't tried to overcomplicate things and simply tested ($_GET['secret'] == 'TOP_SECRET_PASSWORD'), it would have worked perfectly. Was there some need to see which password came first alphabetically?

I sincerely hope you don't do any professional development.

# Jun 11, 2013 22:34
Slanderer posted: I sincerely hope you don't do any professional development.

He makes for-pay porn sites. If you think that's horrific you should see his posts in YOSPOS (specifically the security fuckup thread and the programming language thread).

# Jun 11, 2013 22:39
hobbesmaster posted: How many equal signs do we have to use to do a correct comparison in PHP these days?

In the vast majority of cases, two. This frees you from having to worry about, for example, whether numbers you pull out of a database or from $_GET are being stored as numbers or strings. If you're using strpos() or similar functions, or you have a number being stored as a string but you want to make sure it's not compared as a number (like that guy's password), you use three.

# Jun 11, 2013 23:02
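An added example (constructed here, not the production code Deus Rex describes) putting the strcmp() check from the linked post beside a plain == check and the === fix the thread settles on. The secret and the two 0e-form digest strings are made up for the demonstration.

```php
<?php
// Added example, not code from the thread. Inputs are constructed to exercise
// each comparison; $secret is a placeholder value.

$secret = 'TOP_SECRET_PASSWORD';

// The pattern from the linked post. In PHP 5 and 7, strcmp() handed a
// non-string (an array, for instance) emits a warning and returns NULL
// instead of an int, and NULL == 0 is true under loose comparison, so the
// check passes for a caller who never supplied the secret at all.
// (PHP 8 throws a TypeError here instead of returning NULL.)
function checkWithStrcmp($input, $secret)
{
    return @strcmp($input, $secret) == 0;   // @ only keeps demo output tidy
}

// Plain == is no better for hex digests: when both operands look numeric they
// are compared as numbers, so two different digests of the form "0e<digits>"
// both evaluate to 0 and compare equal (the PHP bug #54547 case linked above).
function checkWithLooseEquals($input, $secret)
{
    return $input == $secret;
}

// The fix the poster settled on: === compares type and value with no
// coercion, so an array, NULL, or a merely numeric-equal string never matches.
function checkWithStrictEquals($input, $secret)
{
    return $input === $secret;
}

$digestA = '0e462097431906509019562988736854';   // constructed, 0e-form hex
$digestB = '0e830400451993494058024219903391';   // constructed, 0e-form hex

// Correct secret: every variant accepts it.
var_dump(checkWithStrcmp('TOP_SECRET_PASSWORD', $secret));
var_dump(checkWithStrictEquals('TOP_SECRET_PASSWORD', $secret));

// Wrong type instead of the secret: only the strict check rejects it.
var_dump(checkWithStrcmp(array('anything'), $secret));
var_dump(checkWithStrictEquals(array('anything'), $secret));

// Two different 0e-form digests: == calls them equal, === does not.
var_dump(checkWithLooseEquals($digestA, $digestB));
var_dump(checkWithStrictEquals($digestA, $digestB));
```

For digest comparison specifically, PHP 5.6 and later also provide hash_equals(), which is strict and runs in constant time; === alone still fixes the coercion problems shown here.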
Slanderer posted: I sincerely hope you don't do any professional development.

Unencrypted plain text passwords are ok if your users regularly forget theirs, right?

# Jun 11, 2013 23:07
Tiny Bug Child posted: In the vast majority of cases, two. This frees you from having to worry about, for example, whether numbers you pull out of a database or from $_GET are being stored as numbers or strings. If you're using strpos() or similar functions, or you have a number being stored as a string but you want to make sure it's not compared as a number (like that guy's password), you use three.

quote: The old rule is:

# Jun 11, 2013 23:15
Arcsech posted: He makes for-pay porn sites.

Good lord, you weren't kidding.

Tiny Bug Child posted: thanks for loving up some app

Tiny Bug Child posted: I guess if you're used to bad languages it would seem like PHP's type system doesn't "work" because it doesn't constantly get in your way or generate fake errors

And there were... so many more.

# Jun 12, 2013 06:39
Now I know what truly elegant programming is. Thank you.

# Jun 12, 2013 06:41
Tiny Bug Child posted: I guess if you're used to bad languages it would seem like PHP's type system doesn't "work" because it doesn't constantly get in your way or generate fake errors

This embodies the thread. I will read this post forever, and thank whatever god I currently believe in, every day. This is the best troll ever, if it is one.

# Jun 12, 2013 07:10
Yes, TBC is a troll, if you weren't aware.

# Jun 12, 2013 07:13
Having heterodox opinions on type systems doesn't make you a "troll". And if you're going to go quote mining, you might as well include what I had to say about this when Hacker News got their panties a-twist about this three months ago:

Tiny Bug Child posted: 1. it doesn't return 0, it returns null, which loose-equals 0

And as a bonus, some words from a great man:

Rasmus Lerdorf posted: For all the folks getting excited about my quotes. Here is another - Yes, I am a terrible coder, but I am probably still better than you

# Jun 12, 2013 07:34