Hunter Hudson/Jon Pincus - On Spot the Bug and Code Quality

The Discussion

  • There is a typo in the line
    var strConnection="Data Source=c:\\auth\\auth.mdb;"
    But a real bug is that when building the SQL query, the user input is not checked, so I could enter my name as "teis' DROP TABLE client": Classic mistake
  • I have to agree that there is a large difference between the kind of bug that simply stops the app from working (typo in data source parameter) and the kind of bug that allows the app to survive casual testing but which nevertheless leaves a large security hole.  The first kind is much easier to catch, but is much less serious in the larger sense.
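
The contrast both comments draw, as an added example that is not code from the original page or the video: a query built by concatenation passes casual login tests, while input containing a quote character reaches the SQL parser as code, and a parameterized query treats the same input as data. The table columns, sample rows and function names are assumptions, and SQLite stands in for the Access database so the example runs offline.

```python
import sqlite3

# Constructed schema and rows: the page shows neither the table layout nor the query.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO client VALUES (?, ?)",
                     [("teis", "s3cret"), ("O'Brien", "hunter2")])
    return conn

def login_concat(conn, name, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM client WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] == 1

def login_param(conn, name, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM client WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] == 1

def outcome(login, conn, name, password):
    """Return 'accepted', 'rejected', or 'sql-error' if the input broke the statement."""
    try:
        return "accepted" if login(conn, name, password) else "rejected"
    except (sqlite3.Error, sqlite3.Warning):
        return "sql-error"

CASES = [
    ("teis", "s3cret"),                # casual test: valid login
    ("teis", "wrong"),                 # casual test: bad password
    ("O'Brien", "hunter2"),            # legitimate name containing a quote
    ("teis' DROP TABLE client", "x"),  # input quoted in the first comment
]

def run_cases():
    conn = make_db()
    return [(n, outcome(login_concat, conn, n, p), outcome(login_param, conn, n, p))
            for n, p in CASES]

if __name__ == "__main__":
    for name, concat, param in run_cases():
        print(f"{name!r:28} concat={concat:10} param={param}")
```

The first two cases are the kind of casual test under which both versions look identical; adding a name with an apostrophe to the test set is enough to expose the concatenated query.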
