[AppDB] - protect against sql injection in select, update and delete statements

Tony Lambregts tony.lambregts at gmail.com
Mon Jun 26 00:12:12 CDT 2006


Chris Morgan wrote:
>> Oh for crying out loud. Go ahead and automate if you know how to. If you or
>> someone else can show me how I am willing to work on it too, I am not
>> opposed to automating all of the testing if that is possible.
>>
>> In the meantime I am against these large patches that are difficult to test
>> because they are so large.
>>
>>     
>
> The difficulty isn't that a particular change is large, although yes, if only 
> a few lines of code that were only called from a single location were changed 
> this would make it easy to test.  The issue is that the appdb is so large and 
> complex that we aren't using time efficiently by testing manually.
>   
I'm not arguing against automated testing, however not having
automated testing is not an excuse for not testing.
> Automated testing isn't all that difficult to implement.  We can start out 
> with tests for classes, make sure we can create a new user, change the user's 
> password and other info and delete the user.  Test creating applications and 
> versions.  We should even be able to fill in form data and simulate the user 
> entering data and clicking on the submit button.
>   
This is a fine idea...
> I already have many of the tests for the user class completed from this last 
> October.  
I would like to see this.
>   
> Let me finish up closing these sql holes and I'll clean the tests 
> up and submit them as a basis for our automated testing.
>   
I'll repeat: I do not want patches going into the live system without being tested. Break them up so that they are easier to test. For the life of me I do not see how on earth you think this is an unreasonable request.


I really do not enjoy arguing with you about this but I feel I am forced to because testing is the only way I can see to ensure that we don't keep busting the AppDB. I have said it before and I will say it again: we have lost more data so far through bad patches than through security breaches.


--

Tony Lambregts






