[thelist] Offering contracts: Opinions on Etiquette?
Warden, Matt
mwarden at odyssey-design.com
Sat Nov 4 12:15:39 CST 2000
> > 1. I too have refused to show my code. I am willing to explain algorithms,
> > up to a point, but not code. Code belongs to the company I was
> > working for,
> > and I gently explain I defend their right to their code, just like I will
> > defend the interviewer's code in the future. It seemed that it
> > worked cause
> > I always got the job ;-)
>
> I'm confused about this. Yes, the company owns the code but you're not
> giving it away, right? I have no problem showing work that I did as a
> designer for another company. If the new company asked me to "copy that old
> site you did" then no, I wouldn't but what's the harm in showing that I did
> it. I also don't have a problem with interviewers "viewing source" on sites
> I've done the code work on. I'm sure that's different from cf but I don't
> see that it is a huge leap.
I'd argue it is. When you expose the source code to any sort of application,
you are exposing more than code. You are exposing how the system works
internally. with that knowledge, one could do any number of things ranging
from skipping certain parts of the application to "hacking" or "cracking" the
system to get to information they shouldn't be getting to. There's a reason
that IIS administrators patch up bugs that allow their ASP source to be
outputted to the screen.
A *real* simple example of why this is bad deals with databases. Most
developers password-protect and even encrypt their databases to secure their
data. This means that ASP must connect to the database using the
username/password that the database requires... which means those are in the
source code. So, if an app stores credit card information, etc., I sure as
hell wouldn't want to be passing out the username/password pair that could be
used to gain access to that information.
Like I said, just a simple example because I couldn't think of anything better
off the top of my head. Bottom line, I think, is:
If you paid someone to build an application for you, would you want them to go
to an interview with a competitor and tell them how your application works
internally?
Besides, if you all don't think it's an issue, just get permission from the
company that owns the code. Ask them "would you mind if your previous
employee/contractor came and told me how your application worked internally
and gave me your database username and password?" I'm sure you'll get the
permission you desire...
--
mattwarden
mattwarden.com
More information about the thelist
mailing list