I recently went through a live training session, and some videos involving Grails. I was surprised to see that bulk assignment to domain objects appeared to be common practice in the training materials. In other words, = params appeared to be the idiomatic way to update a domain object with new values from a web request. The problem with doing that, of course, is that an end-user can submit whatever form fields they choose, and easily change database fields you hadn’t intended for them to change. Fundamentally, this is the same problem PHP was accused of being very insecure...

The 3-1-2 Principle (Why I’m an “Anti-Intellectual”)

“What are you doing here?” That’s a phrase I’ve heard a lot. Most recently it was at Gigantour, as someone observed that a clean-cut geek like myself doesn’t fit the mold of typical metal fan. The observation, though slightly rude, wasn’t exactly news to me. The instance when I was most surprised to hear it happened when I was in grade 10, lined up to receive a bronze medal for my grades. The first place grade 11 student, who was someone I was acquainted with, leaned over and wondered aloud what I was doing there. The truth is though, despite being de...
