Who Called Me? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Who Called Me?

Message

From

03/11/2000 14:01:24

Daniel Rouleau
Consultant
Glen Allen, Virginia, United States

03/11/2000 10:29:19

Janis Booth
Webmd
Prospect, Connecticut, United States

General information

Forum:

Visual FoxPro

Category:

Coding, syntax & commands

Title:

Re: Who Called Me?

Miscellaneous

Thread ID:

00436100

Message ID:

00437784

Views:

Jim, Erik:

Erik Moore wrote:
> Even the possible security issue raised in the message
> before this is not valid, IMO. If a caller has to
> identify itself to the function, let it do so through
> parameters or properties

Jim Booth wrote:
> The indication is that teh function needs to know
> something that isn't part of its internal data and
> hasn't been passed as an argument, this indicates
> an external coupling of the function (again note
> the word indicates) and it warrants that the programmer
> review the function's desing to determine if, in fact,
> they have weakened the cohesion of the function.

All(?) frameworks include a form manager to manage forms.
The form manager usually has a DoForm method which receives
some parameters and instantiates a form based on those
parameters (whether through DO FORM or CREATEOBJECT is not
relevant). The method usually does not verify that the
parameters correspond to a form because it is assumed
developers will only send valid parameters and, if they will
catch any error in development. Note that you could
"improve" the method by verifying that the parameters
represent a form or a class which baseclass is form. IMO,
it's not worth it because the erroneous parameters should
be caugth in development.

What about a situation where an class exists solely to be a
bridge (controller) between a UI object (form) and other
objects that represent mission critical physical entities
(a machine in a production line). The form may only be able
to send a limited number of messages to the controller but
the controller may be able to send all messages to the
machine. I for one, would not want the form to directly
send messages to the machine.

Using parameters may not be acceptable because they can be
guessed at. I not sure which properties Erik was referring
to. If he refers to the machine's properties, does it mean
the form must be able to directly manipulate the machine?
This would not be any improvement on the on the parameters
idea IMO. If he refers to the sender's properties, the
machine knows something about the sender. IMO, it's a better
idea to authentificate the sender.

Increasing coupling by requiring identification may be highly
desirable in this case.

Daniel

Map

View

Click here to load this message in the networking platform