enforce()?
Vladimir Panteleev
vladimir at thecybershadow.net
Sun Jun 20 17:53:18 PDT 2010
On Mon, 21 Jun 2010 03:40:48 +0300, Walter Bright
<newshound2 at digitalmars.com> wrote:
> Vladimir Panteleev wrote:
>> On Mon, 21 Jun 2010 00:17:28 +0300, Walter Bright
>> <newshound2 at digitalmars.com> wrote:
>>
>>> An input to a dll is user input, and should be validated (for the sake
>>> of security, and other reasons). Validating it is not debugging.
>> I don't understand why you're saying this. Security checks in DLL
>> functions are pointless, for the reasons I already outlined:
>
> It's true that whenever user code is executed, that code can do
> anything. Hello, ActiveX. But I still think it's sound practice to treat
> any data received from another program as untrusted, and validate it.
> Security, like I said, is only one reason. Another is to prevent bugs in
> external code from trashing your process.

Yes, but this is a completely different kind of trust (incompetence
instead of intentional malice) :)

I was simply arguing the technical point of pointlessness of verifying
data from DLLs specifically for security reasons (buffer overflows, code
injection etc.).

Other than that, this is the usual performance vs. robustness dilemma
(though my personal opinion is that an ideal language/platform/etc. should
allow programmers to take all the responsibility for maximum performance).

--
Best regards,
Vladimir mailto:vladimir at thecybershadow.net