How about adding NEW Special Tokens?? For ease and Security
Matthew Ong
ongbp at yahoo.com
Wed May 25 08:55:34 PDT 2011
On 5/25/2011 10:37 PM, pillsy wrote:
> == Quote from Matthew Ong (ongbp at yahoo.com)'s article
>> I do understand that this are compile time information and they
>> are static.
>> __FILE__ // prints something like D:\User\Project\...\MyMod.d
>> I do not like this full path format because it
>> might give hacker some idea when of server directory layout
>> structure for webbase cgi / layout, accidentally by junior
>> developer because of mis handled exceptions.
>
> This seems like a pretty weak reason (especially since it gives
> you the path of the *source file* in a compilation environment).
https://www.owasp.org/index.php/Fuzzing#File_format_fuzzing
Hmm... Somehow they do not think so. And I do know a Defense Ministry
core vendor looks for this.
>
>> __LINE__ // some line number.
>
>> How about keeping those 2 and also adding some new compile time
>> information's tokens:
>> 1) __FILENAME__ // prints only MyMod.d
>
> Use CTFE.
>
> I don't disagree in principle with the idea of additional tokens,
> but I'm not sure the ones you're talking about make a lot of sense.
> I would like to see __COLUMN__, and I know adding it has been
> discussed, because it's the sort of thing one ought to be able to
> get from the compiler and it might be useful.
> One addition that I would advocate for whic isn't on your list is
> a token called __GENSYM__ (or perhaps __UNIQUE__ would be a better
> name), which returns a string that's guaranteed to be unique and
> usable as an identifier; this could provide additional safety when
> metaprogramming with mixin templates and string mixins. Right now
I believe that would be the __UUID__/__GUID__ used within Object type
serialization. Yeah. I agree I missed that out.
> you have to do hacky and not-terribly-robust things to synthesize
> unique IDs out of __FILE__ and __LINE__.
Try: __UUID__ = sha512_hash(__FILE__ ~ __LINE__ ~ __FUNCTION__)
Not too sure about the routine to call in D.
> Cheers,
> Pillsy
--
Matthew Ong
email: ongbp at yahoo.com
More information about the Digitalmars-d
mailing list