
Comment by williamdclt

2 days ago

> no input validation, string concatenating for the database access (SQL injection), no input scrubbing (XSS), based on the call pattern there were some missing indices, a few bad data type choices (e.g. integer for user ID), a possible infinite loop in one case

I'd say all this stuff is junior-level (maybe ~mid for things like user ID integers). It's just a checklist of "obvious bad practices", it doesn't require experience.

The senior stuff is much higher-level: domain modelling, code architecture, consistency guarantees, system resilience... system design in general.

You can do all of that in a code review; the point is that it actually allows for better stratification because you can incorporate different challenges in a reasonable time frame and without having to do take-homes and get working environments (you'll end up reviewing their code anyways in a follow-up session).

  • You can do it in a real code review. I think his point was that you can't do stuff like "instead of loading a YAML file at runtime this should be generated during build time using the existing infrastructure we have here" type stuff.

    But I'm not sure you really need to in a job interview. It's not like you can do that with any other interview method anyway - leetcode also doesn't really touch high-level architecture type stuff, and take-home problems are also too small (or they should be anyway!).

    In my experience you only learn how good developers' architectural taste is by working with them for a long time.