Tuesday, May 6, 2014

Bug Whisperer

One of the biggest things that I have contributed to my team through this whole project is being able to break things.  I have been able to find many issues with our project (and I continue to).  That is, I have managed to find bugs and unexpected behavior that my other team members had not noticed, which we then fixed soon after.  This is helping our project be more solid and ensures that we do not have something terrible happen during our presentation.

I did have an interesting scare the other day.  Brandon Lites asked me if we are sanitizing our SQL queries and I looked at him like a deer in the headlights.  After convincing him not to do some horrible SQL injection on our project, I brought the issue up with my team.  We did some research thinking that we would have to write some kludge in the back end to make the site less vulnerable to attack.  Not so.  We are using Hibernate as our Java Persistence framework and it actually sanitizes queries for you!  Looks like Bobby Tables won't have a problem attending UNM (ha).

On a serious note though, we learned an important lesson from this.  This class is about designing software for the real world and getting us ready to go from school to shipping code to a customer.  In school we have never really had to worry about security issues like this; the goal has just been to get the project finished.  In the real world, if we had shipped a product that was vulnerable to SQL injection, I am sure that it would be exploited in less than a day.  Even though Hibernate took care of the vulnerability, it was a reminder to keep security in mind and always stay sharp on how something is implemented.
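As an added illustration (not code from the project described above), this is what "Hibernate takes care of it" actually rests on: the protection comes from binding user input as a query parameter, so the HQL is parsed before the value is ever seen, and it disappears the moment a query string is built by concatenation. The `Student` entity and the lookup methods are hypothetical, and a configured Hibernate `Session` is assumed.

```java
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.query.Query;

// Hypothetical entity standing in for the project's own model (assumption).
@Entity
class Student {
    @Id
    public Long id;
    public String name;
}

class StudentLookup {
    // UNSAFE: the user-supplied name is spliced into the HQL text, so Hibernate
    // parses it as part of the query. Hibernate cannot "sanitize" this; a quote
    // in the input changes the query's structure. Shown only as the before case.
    static List<Student> findByNameUnsafe(Session session, String name) {
        String hql = "from Student s where s.name = '" + name + "'";
        return session.createQuery(hql, Student.class).getResultList();
    }

    // SAFE: the value is bound as a named parameter. The HQL is parsed first and
    // the value travels separately to the database, so a name such as
    // Robert'); DROP TABLE Students;-- is stored and compared as plain data.
    static List<Student> findByName(Session session, String name) {
        Query<Student> q = session.createQuery(
            "from Student s where s.name = :name", Student.class);
        q.setParameter("name", name);
        return q.getResultList();
    }

    // Native SQL through Hibernate gets no automatic protection either:
    // bind the parameter exactly the same way instead of concatenating.
    static List<Student> findByNameNative(Session session, String name) {
        return session.createNativeQuery(
                "select * from students where name = :name", Student.class)
            .setParameter("name", name)
            .getResultList();
    }
}
```

A quick code review check for a Hibernate project is therefore to grep for `createQuery(` and `createNativeQuery(` calls whose string argument is built with `+` or `String.format`, since those are the places the framework's protection does not reach.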
