Looking at old applications, we always wonder who in their right mind thought of building them so badly. But every repository has its story and every effort has noble origins. I encountered such an application in my career, and I was lucky enough that they had used version control to preserve its history. Let me describe how the application looked in its latest state.
This was a website that managed logs for millions of devices around the world. In the report page, you could query the most prevalent type of error that occurred in the wild and track it through time to see when it was introduced and when it was resolved. A pretty useful report.
The problem was, in the UI, you didn't have a button or a link to get to the report. Instead, you were presented with a text box where you could write the SQL queries yourself. In other words, this was a SIAAS, most commonly known as SQL Injection As A Service. The entire database was exposed for anyone who had access to the service.
Traveling through time and CSV (version control), I discovered the initial commit when the report was first started more than a decade earlier. The page was a typical report page where you could enter a date range, some keywords, and click a "Generate" button. Through time, it transformed into its final form, a pure text field where you could type your raw SQL.
How did it happen? Well, with one request at a time over the span of 10 years.
1. Add just one more field
The first request was to add an additional field to the report. The developer added the field in the hard-coded SQL string inside the application, then updated the UI to read this new field. Easy enough. Everyone was happy.
But then there was a second request. This one was a bit harder. The requested field was in a different table. When the developer joined the new table, some of the results were incorrect or incomplete. Others complained that they were not seeing the data anymore. It took some restructuring to fix the report.
But then, someone complained that they didn't want that field in the report. It was messing with their VLOOKUP. After a long discussion, it was agreed that all new fields should be appended at the end of the table. Of course, this was weird since there were now some fields appearing after the creation date field.
2. New Features requested
... continue reading