On Wed, 3 Mar 2021 at 17:11, Dave <dfx1@xxxxxxxxxxxxxx> wrote:

I'm looking to create some examples of secure vs non-secure code in RPG.
I'm not finding it easy to come up with my own. I guess the most basic
would be not checking the indicator after a chain operation, for example.
But nobody does that(!) Then I thought of a few things that tend to bite
you on the backside after a few weeks like a DS not initialized or nested
DO's with file reads that both use %EOF without specifying the file name.
But that only happens when you don't test properly. Anyone got any ideas?

'Secure' is one of those IT-words that seem to have many different
definitions. I would use the word 'robust' or 'resilient' to describe
the examples you gave. Although there are no RPG-specific examples, I
wholeheartedly recommend Steve McConnell's book 'Code Complete'. The
concepts he discusses are illustrated with C++, etc, but are so clear
and useful that I learnt quite a lot.

One desirable thing that is far too rare in my experience is error
trapping. When I write my code from the outset with the idea that I
will trap and handle every error, I find that my thinking gets better.
I realise many edge cases that I should handle, and especially for
sub-procedures, what to 'tell' the caller about what happened down
here. In my opinion, when people in your group have a calm discussion
about the relative merits of C/SQL-style return codes vs Java/IBM
i-style exceptions, you're moving in the right direction for creating
a system that is robust. No, it's really not possible to 'handle'
every single error that can occur, but when I *think* about doing that
as a standard way of building an application, the results turn out
better for me.

Non-sequitur: Write the comments first, and describe the business
function, not the code. So, '// Get the credit limit' and not '//
chain to cust file'. It's another thing that has helped me to think
better and therefore code better.

Best regards,
--buck
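To make the nested-loop %EOF pitfall from the original question concrete, here is an added free-form RPG illustration (not code from the thread or from either poster): the buggy loop beside the fixed one. The files CUSTMAST and ORDHIST and the shared key field custno are constructed for the example.

```rpgle
**free
ctl-opt dftactgrp(*no) option(*srcstmt);

// Constructed files (not from the thread): CUSTMAST and ORDHIST are both
// keyed by the field custno, which is assumed to exist in both formats.
dcl-f CUSTMAST usage(*input) keyed;
dcl-f ORDHIST  usage(*input) keyed;

// Buggy: an unqualified %EOF reports the last I/O on ANY file. When the
// inner READE loop exhausts ORDHIST, the outer DOU %EOF sees that *ON and
// the program stops after processing only the first customer. The same
// happens for a customer with no orders: the first READE sets %EOF *ON.
dcl-proc listOrdersBuggy;
  dou %eof;                          // which file? whichever was read last
    read CUSTMAST;
    if not %eof;                     // OK here: last I/O was CUSTMAST
      setll (custno) ORDHIST;
      reade (custno) ORDHIST;
      dow not %eof;                  // OK here: last I/O was ORDHIST
        // ... process one order ...
        reade (custno) ORDHIST;
      enddo;                         // leaves %EOF *ON for ORDHIST ...
    endif;
  enddo;                             // ... so this exits prematurely
end-proc;

// Fixed: every %EOF names its file, so each loop tests only its own
// file's state regardless of what was read in between. Nothing else
// changes; the control flow is identical to the buggy version.
dcl-proc listOrdersFixed;
  dou %eof(CUSTMAST);
    read CUSTMAST;
    if not %eof(CUSTMAST);
      setll (custno) ORDHIST;
      reade (custno) ORDHIST;
      dow not %eof(ORDHIST);
        // ... process one order ...
        reade (custno) ORDHIST;
      enddo;
    endif;
  enddo;
end-proc;
```

As the question notes, the buggy form passes any test that uses a single customer; it only fails with two or more customers, which is why qualifying %EOF (and %FOUND after a CHAIN) with the file name is worth making a standing rule.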


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].