enforce()?
Walter Bright
newshound2 at digitalmars.com
Sun Jun 20 17:40:48 PDT 2010
Vladimir Panteleev wrote:
> On Mon, 21 Jun 2010 00:17:28 +0300, Walter Bright
> <newshound2 at digitalmars.com> wrote:
>
>> An input to a dll is user input, and should be validated (for the sake
>> of security, and other reasons). Validating it is not debugging.
>
> I don't understand why you're saying this. Security checks in DLL
> functions are pointless, for the reasons I already outlined:
It's true that whenever user code is executed, that code can do anything. Hello,
ActiveX. But I still think it's sound practice to treat any data received from
another program as untrusted, and validate it. Security, like I said, is only
one reason. Another is to prevent bugs in external code from trashing your process.
More information about the Digitalmars-d
mailing list