Is your code complete? (Part I)-overall impact on the system and security

Iv. overall impact on the system

When you write and modifyProgramIn general, because it is stored in a larger system, rather than an isolated single program, after writing or modifying, you must check the overall impact on the system.

If you testCodeIf it is perfect, it can be put together with testability. That is to say, you need to write the corresponding integrated test code and pass the test. However, in many cases, if you do not implement test-driven development and write the corresponding test code, this item can still be independent.

You can't help but think of a program you have modified before. At that time, the demand was as follows: after the insurance policy was saved (mainly adding additional risks), when re-printing the insurance policy, the last payment date should be displayed according to the specific situation. At this time, there are several different situations, including new growth risks on the warranty anniversary, new growth risks on the non-Warranty anniversary, new short risks on the warranty anniversary and new short risks on the non-Warranty anniversary. At that time, because it was the first time to modify the security program, it was not appropriate to consider it, just to achieve their own goals, rather than taking into account the overall impact. At that time, my modification method was to find the field storing the last payment date in the database, and then in the preservation procedure, when performing the corresponding operation, set the last payment date to the date to be displayed in the report. After completion, the Report Program is indeed no problem. However, after a few days of operation, the financial payment process encountered a problem, because at the time of payment, it was based on the last payment date to determine when the data should be generated. After careful consideration, it is precisely because the impact of a single modification on the system as a whole is not taken into account that such a serious bug occurs.

Therefore, when writing a new program or modifying the original program, you must consider whether the program will affect other modules in the system. If so, you must test all the corresponding items, otherwise it may cause unnecessary trouble.

In addition, there is another questionArticleIsSecurity issues. If a program does not take into account the necessary security issues, it cannot be considered to have completed all the code.

For example, a user can access a function that is not within his or her own permissions, or has security vulnerabilities in the program, hackers can easily perform SQL injection, OS command injection, and cross-site scripting attacks on the system, which brings more potential problems to the system. Although users may not feel it, the risk of information leakage and tampering is very high for the company.

I wrote a lot of text, but I want to express that I want to say that my code is actually complete, and there is a lot of work to be done. However, only the code that has been completed is the high-quality code, which can save a lot of maintenance and modification work and prevent many potential problems.

Finally, I hope everyone will ask themselves after writing a program. Is my code actually complete?

P.s. Previous links:

Is your code complete? (1) -- availability and ease of use

Is your code complete? (II) -- maintainability and standardization

Is your code complete? (3) -- testability and robustness