SQL Antipatterns: application anti-patterns
Today I read SQL Antipatterns, so I will pick out some of the terms and anti-patterns that stood out to me and summarize them.
①Readable password
An anti-pattern that stores passwords in plaintext.
Demerit
- Not secure … an attacker has several opportunities to steal the passwords
When we can use anti-pattern
When the application itself is the client of an external service, the password it holds for that service should also be protected by encryption as far as possible. Otherwise, store a salted hash of the password (irreversible).
②SQL injection
An anti-pattern that executes unverified input as code. SQL injection occurs when a string is dynamically inserted into the SQL query string and changes the syntax of the query in a way the developer did not intend.
Demerit
- If the modified query executes without a syntax error, it produces unintended results
- The damage that a modified SQL statement can cause is immeasurable
When we can use anti-pattern
There is no reason that justifies it. Take countermeasures against SQL injection such as:
- Input filtering
- Parameterizing dynamic values and using prepared statements
- Isolating user input from code
- Code review among developers
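As an added example (not from the book or the original post), the string-concatenated query beside its parameterized form, both run against a constructed in-memory SQLite table so the two behaviours can be compared on the same inputs:

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (not data from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO accounts (username) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn


def find_unsafe(conn, username):
    """Anti-pattern: the input is spliced into the query text, so a quote
    character in it changes the syntax of the statement itself."""
    sql = "SELECT username FROM accounts WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_safe(conn, username):
    """Parameterized query: the driver binds the value separately from the
    statement, so the input is only ever compared as a string literal."""
    sql = "SELECT username FROM accounts WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(conn, username):
    """Run both variants on one input; a syntax error from the unsafe
    variant is returned as a string so the two results can be compared."""
    try:
        unsafe = find_unsafe(conn, username)
    except sqlite3.OperationalError as exc:
        unsafe = "syntax error: " + str(exc)
    return {"unsafe": unsafe, "safe": find_safe(conn, username)}


def demo():
    conn = make_db()
    return {
        "legit": compare(conn, "alice"),
        # a perfectly valid name that happens to contain a quote
        "apostrophe": compare(conn, "O'Brien"),
        # constructed hostile input: the quote closes the literal and the
        # remainder is parsed as part of the WHERE clause
        "hostile": compare(conn, "x' OR '1'='1"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The apostrophe case shows that the unsafe form breaks on legitimate data as well, which is the same defect the injection case abuses.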
③Pseudokey Neat-Freak (pseudokey cleanliness obsession)
An anti-pattern that fills in gaps. When people find a missing row, many of them naturally want to fill it:
- Assign the missing numbers to new rows
- Renumber the existing rows
Demerit
- Inefficient and error-prone
- Causes race conditions
- A source of data inconsistency
When we can use anti-pattern
There is no reason that justifies changing a pseudokey value. Do not fill in the missing numbers.
④See No Evil (putting a lid on what smells)
Legitimate reasons to write concise code:
- The application can be coded in less time
- There is less code to test, document and peer review
- Less code means fewer opportunities for bugs to creep in
An anti-pattern that overlooks the essential part:
- Ignoring the return value of the database API
- Reading only the SQL fragments scattered through the application code
Developers miss information they could easily obtain.
Demerit
- Making judgments without a diagnosis
- Simple mistakes such as a missing space are easily overlooked
When we can use anti-pattern
Error checking can be omitted in places where nothing needs to be done about an error. For example, the function that closes a database connection returns a status, but if the application itself is already terminating, the connection's resources will be cleaned up anyway.
⑤Diplomatic Immunity
Follow best practices:
- Version control of source code using tools such as Subversion and Git
- Automated unit tests and functional tests
- Written documentation, specifications and code comments that record the application's requirements and implementation strategy
An anti-pattern that treats SQL as a special case. We tend to think that database code in particular is exempt from these practices.
Demerit
- A lot of unnecessary and repeated work results
When we can use anti-pattern
We should address quality issues comprehensively.
⑥Magic Beans
An anti-pattern in which the MVC model is nothing more than an Active Record. A mapping that provides CRUD operations is called an Active Record.
Demerit
- Active Record makes models depend heavily on the database schema … the number of models equals the number of tables, and so does the code that communicates with the models
- CRUD functions are exposed publicly
- Causes an anemic domain model … business logic has to be coded elsewhere because the model has no behavior other than CRUD methods
- Unit testing Magic Beans is difficult
When we can use anti-pattern
Active Record itself is convenient. However, code written during prototyping creates technical debt, so time to refactor should be built into the schedule in advance to reduce that debt.
⑦Sandcastle
An anti-pattern of failing to anticipate.
The problem is that what might happen, and the measures for dealing with each event, are not examined sufficiently. To operate a service stably, it is necessary to assume that trouble will naturally occur. Assuming it is not enough; it is also necessary to decide what action to take when an event actually occurs in operation.
- Machine outage
- Transaction failure
- Response policy when performance problems or failures occur
Demerit
- The damage spreads
When we can use anti-pattern
Thinking through the architecture is time-consuming. Consider how much money and effort can be spent, weighing the following:
- How much loss does the system going down cause?
- Is the project plan affected?
- How long an outage is acceptable?