
I understand.

However, I didn't claim it improved quality, just that it's an insurance policy.

What I mean by that is that you pay up front in time to help protect against things going wrong in future... such as shipping code to production that allows anyone to log in to anyone else's account.

All unit tests are, are externalised asserts about what your code should and shouldn't do.

There should certainly have been one that said, "User A should not be able to log in to User B's account", or at the very least "Login should fail when the password is not right".

My point remains: You should expect people to make errors from time to time, just like you expect servers to go down from time to time. Whilst you're busy handling what happens when servers fail, you should also be busy thinking about how to deal with human errors too... and that means detecting and catching those errors early so that the impact that they have is minimal.
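
The two checks named in the comment above, written out as an added example (not part of the original comment and not code from any real service). `UserStore`, `BrokenUserStore`, `failed_login_checks` and the sample accounts are hypothetical names constructed for illustration; the broken variant shows the same checks catching a dropped password comparison before it ships.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is a demo value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """Hypothetical in-memory account store with a password-checked login."""
    def __init__(self):
        self._users = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username: str, password: str):
        """Return the authenticated username, or None when login is refused."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, expected = record
        ok = hmac.compare_digest(_hash(password, salt), expected)
        return username if ok else None

class BrokenUserStore(UserStore):
    """Constructed regression: the password comparison has been dropped."""
    def login(self, username: str, password: str):
        return username if username in self._users else None

def failed_login_checks(store_cls) -> list:
    """Run the externalised asserts and return the names of those that fail."""
    store = store_cls()
    store.register("alice", "alice-secret")  # constructed sample accounts
    store.register("bob", "bob-secret")
    checks = {
        "correct password logs in": store.login("alice", "alice-secret") == "alice",
        "wrong password fails": store.login("alice", "not-it") is None,
        "empty password fails": store.login("alice", "") is None,
        "A's password does not open B's account": store.login("bob", "alice-secret") is None,
        "unknown user fails": store.login("mallory", "alice-secret") is None,
    }
    return [name for name, passed in checks.items() if not passed]

if __name__ == "__main__":
    print("correct store:", failed_login_checks(UserStore))
    print("broken store: ", failed_login_checks(BrokenUserStore))
```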


