Sign Of Insecurity In Code

When I see comments for accessors or case statements, I think of possible code smells. Looks like it's a sign of insecurity which comes together with poorly written code.

Some justification for that?

Some places where it's appropriate are where you have to deal with code from different organizations, or they will have to deal with your code.

Comments are an insecure CodeSmell? I can't understand that position at all - can you explain? Surely you aren't advocating SecurityThroughObscurity.

The author means 'insecure' in an entirely different sense. To summarize the position, when a programmer feels the need to use a comment in their program, it indicates that the intent of the code isn't clear on its own, and therefore, something's wrong. Please read TreatCommentsWithSuspicion for more.

So comments are not insecure as in "hacker resistant", but insecure as in "the code is probably borked"? I suppose it depends on the type of comments. I can't see that commenting for auto-doc tools, or algorithm descriptions are a design smell, but I don't think that's what the author is referring to.

No, the author is suggesting that presence of comments doesn't indicate the code is insecure. they indicate the programmer is insecure.

[EditHint: merge with CodeSmell]


CaseStatementsConsideredHarmful TreatCommentsWithSuspicion SingletonsAreEvil AccessorsAreEvil


EditText of this page (last edited November 26, 2014) or FindPage with title or text search