enforce()?

Walter Bright newshound2 at digitalmars.com
Sun Jun 20 17:40:48 PDT 2010


Vladimir Panteleev wrote:
> On Mon, 21 Jun 2010 00:17:28 +0300, Walter Bright 
> <newshound2 at digitalmars.com> wrote:
> 
>> An input to a dll is user input, and should be validated (for the sake 
>> of security, and other reasons). Validating it is not debugging.
> 
> I don't understand why you're saying this. Security checks in DLL 
> functions are pointless, for the reasons I already outlined:

It's true that whenever user code is executed, that code can do anything. Hello, 
ActiveX. But I still think it's sound practice to treat any data received from 
another program as untrusted, and validate it. Security, like I said, is only 
one reason. Another is to prevent bugs in external code from trashing your process.


More information about the Digitalmars-d mailing list