Friday, October 21, 2005

C.R.U.D

At the Microsoft Security seminar that I went to this past Tuesday in Redmond, I re-discovered a valuable word: CRUD. The acronym stands for: Change Remove Update Delete (CRUD).
 
It is used in reference to what you are doing within a database, and to how you think about what you are doing with that DB when writing applications that access it, to help write secure code.
 
Like GIGO (Garbage In, Garbage Out), which I learned about in my first computer class in 1977, it deals more with validating everything and trusting nothing before using it. It comes down to 4 times as much code needing to be written to validate a field and react to errors as it does to get the field and do the work you want on it.

And then people wonder why it takes so long to write a program nowadays.
 
It takes twice as long to properly document a program as it does to write it.
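
The point above about validation and error handling outweighing the actual work, as an added example that is not part of the original post: a single-field update with Python's `sqlite3`, where the `UPDATE` is one statement and everything around it is checking. The `users` table, the email pattern, and the names `FieldError`, `update_email` and `make_demo_db` are assumptions of the example.

```python
import re
import sqlite3

# Allowlist pattern for the one field this example accepts (an assumption of the example).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,185}\.[A-Za-z]{2,24}")


class FieldError(ValueError):
    """Raised when a caller-supplied value fails validation (hypothetical name)."""


def update_email(conn, user_id, email):
    """Validate both inputs, then run one parameterized UPDATE."""
    # Validation: type, range, length and format are checked before the DB sees anything.
    if isinstance(user_id, bool) or not isinstance(user_id, int) or user_id <= 0:
        raise FieldError("user_id must be a positive integer")
    if not isinstance(email, str):
        raise FieldError("email must be a string")
    email = email.strip().lower()
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise FieldError("email is not in the accepted format")
    # The work itself: placeholders keep the value out of the SQL text.
    try:
        with conn:  # commits on success, rolls back if the statement raises
            cur = conn.execute(
                "UPDATE users SET email = ? WHERE id = ?", (email, user_id)
            )
    except sqlite3.IntegrityError as exc:
        raise FieldError("email already in use") from exc
    # Reacting to errors: an UPDATE that matched nothing is a failure, not a success.
    if cur.rowcount != 1:
        raise FieldError("no such user")
    return email


def make_demo_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice@example.com"), (2, "bob@example.com")])
    conn.commit()
    return conn
```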
