←back to thread

Klarna users are being signed in to random accounts

(twitter.com)
475 points danielstocks | 2 comments | 27 May 21 10:28 UTC | HN request time: 0.41s | source
Show context
henvic ◴[27 May 21 15:07 UTC] No.27304014[source]
As a software engineer, I hate when I add a check for something "that will never happen" but that if happens is awful, and people complain.

A classic example: you need to get a user from a session, check against a database, and continue if they're signed in.

Then I add a simple if databaseUser.Username != form.Username and people will say "if that happens we've something worse wrong". Geez, something might be wrong and such double checking might provide to be useful.

On a smaller scale, bits flip due to cosmic rays and so on. Of course, there must be a limit where we stop, but people are used to actively avoid doing such "silly assertions" even for important steps.

¯\_(ツ)_/¯

replies(9): >>27304123 #>>27304382 #>>27304569 #>>27304654 #>>27304687 #>>27304894 #>>27308296 #>>27308719 #>>27309906 #
1. jacquesm ◴[27 May 21 16:08 UTC] No.27304687[source]
This is very good practice as far as I'm concerned. Functions should treat their arguments as potentially hostile input.
replies(1): >>27305821 #
2. cerved ◴[27 May 21 17:39 UTC] No.27305821[source]
maybe if it helps to fail fast and only public functions