How about adding NEW Special Tokens?? For ease and Security

Matthew Ong ongbp at yahoo.com
Wed May 25 08:55:34 PDT 2011


On 5/25/2011 10:37 PM, pillsy wrote:
> == Quote from Matthew Ong (ongbp at yahoo.com)'s article
>> I do understand that these are compile time information and they
>> are static.
>> __FILE__  // prints something like D:\User\Project\...\MyMod.d
>>                I do not like this full path format because it
>> might give a hacker some idea of the server directory layout
>> structure for web-based CGI, accidentally, by a junior
>> developer because of mishandled exceptions.
>
> This seems like a pretty weak reason (especially since it gives
> you the path of the *source file* in a compilation environment).
https://www.owasp.org/index.php/Fuzzing#File_format_fuzzing
Hmm... Somehow they do not think so. And I do know a Defense Ministry 
core vendor looks for this.


>
>> __LINE__  // some line number.
>
>> How about keeping those 2 and also adding some new compile time
>> information's tokens:
>> 1) __FILENAME__   // prints only MyMod.d
>
> Use CTFE.
>
> I don't disagree in principle with the idea of additional tokens,
> but I'm not sure the ones you're talking about make a lot of sense.
> I would like to see __COLUMN__, and I know adding it has been
> discussed, because it's the sort of thing one ought to be able to
> get from the compiler and it might be useful.

> One addition that I would advocate for which isn't on your list is
> a token called __GENSYM__ (or perhaps __UNIQUE__ would be a better
> name), which returns a string that's guaranteed to be unique and
> usable as an identifier; this could provide additional safety when
> metaprogramming with mixin templates and string mixins. Right now
I believe that would be the __UUID__/__GUID__ used within Object type
serialization. Yeah. I agree I missed that out.

> you have to do hacky and not-terribly-robust things to synthesize
> unique IDs out of __FILE__ and __LINE__.
Try: __UUID__ = sha512_hash(__FILE__ ~ __LINE__ ~ __FUNCTION__)
Not too sure about the routine to call in D.

> Cheers,
> Pillsy


-- 
Matthew Ong
email: ongbp at yahoo.com
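As an added illustration (not code from this thread or from the D project), here is what pillsy's "Use CTFE" suggestion for the proposed __FILENAME__ looks like: a compile-time basename helper so that diagnostics name the source file without exposing its full directory path. The names baseName, FILENAME and safeLocation are assumptions for this example.

```d
// Added example, not from the original thread: strip the directory from
// __FILE__ at compile time so error messages show only "MyMod.d", never
// "D:\User\Project\...\MyMod.d".
module filenameonly;

import std.stdio : writeln;

/// Returns the part of `path` after the last '/' or '\\'.
/// Plain string scanning, so it is evaluable at compile time (CTFE).
string baseName(string path) pure nothrow @safe
{
    size_t cut = 0;
    foreach (i, c; path)
        if (c == '/' || c == '\\')
            cut = i + 1;
    return path[cut .. $];
}

/// Template wrapper: the default __FILE__ is taken at the instantiation
/// site, and `enum` forces evaluation during compilation.
template FILENAME(string file = __FILE__)
{
    enum FILENAME = baseName(file);
}

/// Location string for logs/exceptions that names the file but not its path.
/// Default arguments pick up the caller's __FILE__ and __LINE__.
string safeLocation(string file = __FILE__, size_t line = __LINE__)
{
    import std.conv : to;
    return baseName(file) ~ ":" ~ line.to!string;
}

void main()
{
    // Verified at compile time: no runtime cost and no path leak.
    static assert(baseName("D:\\User\\Project\\src\\MyMod.d") == "MyMod.d");
    static assert(baseName("/home/dev/app/src/MyMod.d") == "MyMod.d");
    static assert(baseName("MyMod.d") == "MyMod.d");

    enum here = FILENAME!();
    writeln("compiled from: ", here);      // basename only
    writeln("error at ", safeLocation());  // e.g. "filenameonly.d:41"
}
```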


