Programming Ten Commandments
That every graduate should know before starting to code
--------
Amitai Barnea 2019
Thou shalt not call server in vain
John: "Hey, go to Tel Aviv and give them this letter".
Mike: "OK, on my way"
...
Mike: "I'm back".
John: "Great, can you go back and check if something has changed?"
John: "Couldn't you have asked me before?!?"
In code:
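this.ajax.updateData(params).then((res) => {
  // A second round trip, only to read back what was just written
  this.ajax.getUpdatedData().then((res) => {
    this.data = res.data;
  });
});
Should be:
// The update call returns the updated data in its own response
this.ajax.updateData(params).then((res) => {
  this.data = res.data;
});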
Thou shalt not call DB in vain
Mike: "Take this letter to the post Boss."
John: "Ok"
John: "I'm back"
Mike: "Now take this one."
John: "Ok"
John: "I'm back"
Mike: "And now this"
John: "Ok"
John: "I'm back"
Mike: "And this..."
John: "AHHHAAAHHHA!!!!"
In code:
students = []
classes = Class.where(city: "Tel-aviv")
# One query per class (the N+1 pattern)
classes.each do |klass|
  students.concat(Student.where(class_id: klass.id).to_a)
end
Should be:
# One query for the class ids, one query for all their students
class_ids = Class.where(city: "Tel-aviv").pluck(:id)
students = Student.where(class_id: class_ids)
Thou shalt not fetch unnecessary data
John: "Go to Tel Aviv and bring here all the new cars"
Mike: "I'm on my way..."
Mike: "I'm back!"
John: "Cool, now write down all their plates and put it on my table"
In code:
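# Loads every column of every red car just to read the ids
cars = Car.where(color: 'red')
car_ids = cars.map(&:id)
Should be:
# Ask the database for the id column only; pluck returns the ids themselves,
# while select(:id) would still build Car objects
car_ids = Car.where(color: 'red').pluck(:id)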
Thou shalt protect your DB
Guest: "Hey, can I use your toilet?"
Mike: "Sure"
...
Mike: "Hey, what are you doing inside my room?!?"
In code, we call it SQL injection:
def station_info(station_id)
  # The input is interpolated straight into the SQL text
  Station.where("station_id = #{station_id}")
end
What happens if an attacker passes:
station_id = "532 and 1 = 1"
Should be:
def station_info(station_id)
  # The ? placeholder sends station_id as a bound value, not as SQL
  Station.where("station_id = ?", station_id)
end
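Added example, not from the slides: a check that the SQL text stays the same whatever the caller sends, which is the property the ? placeholder buys. RecordingStation is a hypothetical stand-in for Station that only records what `where` would pass to the database driver; the integer check assumes station ids are integers.

```ruby
# Hypothetical stand-in for Station: records the SQL text and, separately,
# the bound values that `where` would hand to the database driver.
class RecordingStation
  Query = Struct.new(:sql, :binds)

  def self.where(sql, *binds)
    Query.new(sql, binds)
  end
end

# Vulnerable form from the slide: input is spliced into the SQL text.
def station_info_unsafe(station_id)
  RecordingStation.where("station_id = #{station_id}")
end

# Fixed form from the slide: input travels as a bound value.
def station_info_safe(station_id)
  RecordingStation.where("station_id = ?", station_id)
end

# Defence in depth (assumption: station ids are integers): reject anything
# that is not a plain base-10 integer before it reaches the query layer.
def station_info_strict(station_id)
  id = Integer(station_id.to_s, 10) # raises ArgumentError on "532 and 1 = 1"
  RecordingStation.where("station_id = ?", id)
end

# A property worth unit-testing: the SQL text must not depend on the input.
def sql_depends_on_input?(finder, inputs)
  inputs.map { |value| finder.call(value).sql }.uniq.size > 1
end

# Constructed sample inputs: a normal id and the string from the slide.
INPUTS = ["532", "532 and 1 = 1"].freeze

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: SQL text varies with input? #{sql_depends_on_input?(method(:station_info_unsafe), INPUTS)}"
  puts "safe:   SQL text varies with input? #{sql_depends_on_input?(method(:station_info_safe), INPUTS)}"
end
```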
Thou shalt protect your clients
Boss: "Take this package to our John, it's something from Mike."
Secretary: "John complained that this package had a detecting device in it"
Boss: "OMG!!!"
In code, we call it an XSS attack: one user can plant malicious code that runs for another user.
def update_address(user, address)
  user.address = address
  user.save
end
What happens if:
address = "<script>alert('xss attack!!')</script>"
Should be:
def update_address(user, address)
  # ERB::Util.html_escape (Ruby standard library) turns HTML special
  # characters such as < > & and " into entities
  escaped_address = ERB::Util.html_escape(address)
  user.address = escaped_address
  user.save
end
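Added example, not from the slides: the same address rendered without escaping, rendered with escaping at output time, and escaped twice (once on write as in the slide, once by the view, which is what Rails ERB views do by default). Profile, the render_* and store_* helpers and the second sample address are constructed for illustration.

```ruby
require "erb"

# Hypothetical model and helpers, constructed for this example.
Profile = Struct.new(:name, :address)

SCRIPT_ADDRESS = "<script>alert('xss attack!!')</script>" # value from the slide
PLAIN_ADDRESS  = "5 Fish & Chips Lane"                    # constructed legitimate input

# Vulnerable view: the stored value is pasted into the page as-is.
def render_unsafe(profile)
  "<p>Address: #{profile.address}</p>"
end

# Hardened view: escape when writing into HTML, whatever was stored.
def render_escaped(profile)
  "<p>Address: #{ERB::Util.html_escape(profile.address)}</p>"
end

# Escape-on-write, as in the slide's fix.
def store_escaped(profile, address)
  profile.address = ERB::Util.html_escape(address)
  profile
end

# Store-as-typed, leaving escaping to the view.
def store_raw(profile, address)
  profile.address = address
  profile
end

# Three combinations of storage and rendering, returned for inspection.
def demo
  {
    # Script reaches the page intact: the XSS case.
    raw_store_unsafe_view: render_unsafe(store_raw(Profile.new("Mike"), SCRIPT_ADDRESS)),
    # Script is shown as text: escaping at output is enough on its own.
    raw_store_escaped_view: render_escaped(store_raw(Profile.new("Mike"), SCRIPT_ADDRESS)),
    # Escaped on write and again in the view: a legitimate "&" is mangled.
    escaped_store_escaped_view: render_escaped(store_escaped(Profile.new("Mike"), PLAIN_ADDRESS))
  }
end

demo.each { |label, html| puts "#{label}: #{html}" } if __FILE__ == $PROGRAM_NAME
```

Pick one place to escape and keep it there; escaping in the view also covers values that reached the database by some other path.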
Thou shalt never trust the client
Boss: "Who is this man inside the lab?"
Secretary: "He is a technician, he said he is allowed to be there?"
Boss: "Did you check his ID?"
Secretary: "NO…"
In code:
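def update_user(user, params)
  # Anyone who can reach this code can change any user
  user.params = params
  user.save
end
Should be:
def update_user(user, params)
  # Check on the server who is asking before changing anything
  raise "unauthorized" unless current_user.is_admin
  user.params = params
  user.save
end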
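Added example, not from the slides: the same check carried one step further, since the params themselves also come from the client. Account, PERMITTED_FIELDS and the rule that users may edit their own record are assumptions made for illustration; the slide's rule is admin only.

```ruby
# Hypothetical model, constructed for this example.
Account = Struct.new(:id, :name, :email, :is_admin, keyword_init: true)

class Unauthorized < StandardError; end

# Fields a client may set on a profile. is_admin is deliberately absent,
# so a request cannot promote its own sender.
PERMITTED_FIELDS = %w[name email].freeze

def update_user(current_user, user, params)
  # 1. Authorisation comes from server-side state, never from params.
  #    Assumed policy: admins may edit anyone, users may edit themselves.
  allowed = current_user.is_admin || current_user.id == user.id
  raise Unauthorized, "user #{current_user.id} may not edit user #{user.id}" unless allowed

  # 2. Copy only permit-listed keys; anything else the client sent is dropped.
  rejected = []
  params.each do |key, value|
    field = key.to_s
    if PERMITTED_FIELDS.include?(field)
      user[field] = value
    else
      rejected << field
    end
  end
  rejected # returned so the caller can log the attempt
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request: Mike edits his own record and slips in is_admin.
  mike = Account.new(id: 2, name: "Mike", email: "mike@example.test", is_admin: false)
  dropped = update_user(mike, mike, { "name" => "Mike B", "is_admin" => true })
  puts "name=#{mike.name} is_admin=#{mike.is_admin} dropped=#{dropped.inspect}"
end
```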
Thou shalt think about debugging in production
Boss: "Where is my document?"
Secretary: "I sent it to Mike"
Boss: "To which address? He says he didn't get it"
Secretary: "I don't know, I didn't write it".
Boss: "I'm gonna kill you…"
In code:
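def update_station(station, params)
  station.params = params
end
You should log important operations and errors.
Should be:
def update_station(station, params)
  # Record who changed what, so the operation can be traced later
  Rails.logger.info("user #{current_user.id} updated station #{station.id}")
  station.params = params
rescue StandardError => e
  # Record the failure and the exception itself
  Rails.logger.error("user #{current_user.id} couldn't update station #{station.id}")
  Rails.logger.error(e)
end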
In code:
def update(params)
...
end
Always think that someone else will read your code
at a certain point.
Should be:
def update_user_by_admin(params)
...
end
Thou shalt always expect the worst
John: "I think it's going to rain, did you bring your umbrella?"
Mike: "No, on my computer it never rained"
John: "OK…"
In code:
this.ajax.getUsers().then((res) => {
  this.users = res;
});
Should be:
this.ajax.getUsers().then((res) => {
  this.users = res;
}, (err) => {
  // Tell the user the request failed instead of failing silently
  toast("Could not get users, please try again later");
});
And as a bonus:
Thou shalt remember there are a lot of different screens out there
Mike: "Can you tell me what's the score?"
John: "No, I can't see it well on my computer"
Mike: "Then use mine"
John: "Oh, now I can read it…"
In code:
width: 1450px;
height: 950px;
Should be:
Use flex!!!
Always think about:
Performance
Security
Maintenance
Responsiveness
Thank you ;)
