Table of Contents

itemProcess in

SQL Script Specification

I. Recommendations for creating table statements

Security Issues

I. Concurrent race conditions

There are always many processes in large companies, record the various specifications (pits) encountered~

Processes in the project

1. Requirement review - user story, need to hold requirement review meeting
2. Use case review meeting is required after writing test cases
3. Submit code needs to bring user story or defect ID to achieve traceability of submitted code
4. Code submission requires review
5. Write unit tests and pay attention to code coverage
6. The release needs to be signed,

SQL Script Specification

I. Recommendations for building a table statement

1. The primary key is an auto-incrementing bigint type, preferably the table name _ID or ID
2. Keywords are not allowed for attributes
3. It must be created by (meaningful user name), created time, modified by, modified time
4. crated_time detetime not null default current_timestamp comment 'creation time';
5. crated_by varchar(100) not null default comment 'Created by';

Security Issue

One, race condition concurrency

Description: However, high concurrent threads are used to bypass registration restrictions and register a large number of users with the same name.

Solution:

(1) Controlled by the use of locks in the program;

(2) Cooperative control with transactions and locks in the database

(3) Set a higher isolation level for transactions in the database

The above three have pros and cons

Second, file upload verification

Description: The following checks must be added

1. FileUploaded directory permissions are set to non-executable

2. file file extension is judged using a whitelist mechanism

3. Maximum file limit

4. The file name cannot contain / and spaces

6. Userewrite the file name and file path with random numbers

Uuid + timestamp is usually used to rename, the relationship between file location and uploader, just write it into the database