Suggestions for good programming practices?

brueckd at tbye.com brueckd at tbye.com
Wed Jun 26 11:03:54 EDT 2002


On Tue, 25 Jun 2002, Carl Banks wrote:

> So why did you ask what kind of teacher calls a newbie's attention to
> eval?  You seemed (not to be confused with "I have concluded") to have
> been advocating ignorance.

Nope. Just like on the first day of a C programming class, a lousy teacher
would say, "Avoid pointers to pointers!" - it doesn't help at all to bring
that up so early in the learning process, it's confusing, and those types
of problems are furthest from the students' minds (they're interested in
*doing* something with this new language). There's a host of other things
that are more useful to a newbie, whether experienced in other languages
or not. But *if* you do bring it up, then you should take the time to
explain why it's potentially bad.

Likewise, it doesn't really help a newbie much to bring up eval/exec right
away and say, "don't use this!" because there's tons of other things that
will help them so much more, and in the early learning stages they're not
going to be hurt by using those functions anyway. But *if* you do bring
those functions up and advise against using them, you should explain why.

And if your code will be running in an environment where it might be used
maliciously, you need more than "don't use exec/eval" anyway - you really
need to take some time to learn about basic program security as there are
plenty of other potential security holes (at the very least you need a
security mini-FAQ or checkoff list in which exec/eval would be listed
along with many other things).  With that knowledge you'd discover the
risk of eval/exec on your own - they'd jump right out at you with even
just a quick security audit.

-Dave
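The "quick security audit" and the checkoff list the post describes, as an added example that is not part of the original post or of any project: a small Python 3 script (standard library only) that parses source with `ast` and reports every call to `eval` or `exec`, including the `builtins.exec(...)` spelling, while ignoring comments and strings that merely mention them. The `FLAGGED_CALLS` checklist, the `SAMPLE_SOURCE` module it audits, and the `parse_config_value` helper are all constructed for this example; the helper shows `ast.literal_eval`, which accepts Python literals only and raises `ValueError` for anything that would have to run.

```python
"""Audit Python source for eval/exec calls and show the literal-only alternative.

Added example, not code from the mailing-list post.  Assumes Python 3 and
uses only the standard library `ast` module.
"""
import ast
from typing import List, Optional, Tuple

# Constructed checklist: the two items the post names.  A real "security
# mini-FAQ" would list many more entries than these.
FLAGGED_CALLS = {
    "eval": "evaluates an arbitrary expression string; unsafe on untrusted input",
    "exec": "executes arbitrary statements; unsafe on untrusted input",
}


def _called_name(call: ast.Call) -> Optional[str]:
    """Return the bare name a call targets: eval(...) or builtins.eval(...)."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def audit_source(source: str, filename: str = "<string>") -> List[Tuple[str, int, str, str]]:
    """Return (filename, line, name, reason) for each flagged call in `source`.

    Parsing with `ast` rather than grepping means a comment or a string that
    merely mentions eval is not reported, while `builtins.exec(...)` is.
    """
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _called_name(node)
            if name in FLAGGED_CALLS:
                findings.append((filename, node.lineno, name, FLAGGED_CALLS[name]))
    findings.sort(key=lambda f: f[1])  # report in source order
    return findings


def parse_config_value(text: str):
    """Turn a user-supplied literal (number, string, list, dict, ...) into a value.

    ast.literal_eval only accepts Python literals, so a call or attribute
    access in `text` raises ValueError instead of being executed.
    """
    return ast.literal_eval(text)


def is_literal_only(text: str) -> bool:
    """True if `text` is something ast.literal_eval will accept."""
    try:
        ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return False
    return True


# Constructed sample module for the audit; it is not real project code.
SAMPLE_SOURCE = '''\
import ast
import builtins

def load(expr):
    # eval is mentioned in this comment but not called here
    return eval(expr)

def run(code):
    builtins.exec(code)

def safe(expr):
    return ast.literal_eval(expr)
'''

if __name__ == "__main__":
    for fname, line, name, reason in audit_source(SAMPLE_SOURCE, "sample.py"):
        print(f"{fname}:{line}: {name}() - {reason}")
    print(parse_config_value("{'retries': 3, 'hosts': ['a', 'b']}"))
    print(is_literal_only("len('abc')"))
```

Run against a real tree by reading each `.py` file and passing its text to `audit_source`; a hit is a place to ask where the string being evaluated comes from, which is the question the audit exists to raise.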
