enforce()?
Leandro Lucarella
luca at llucax.com.ar
Sun Jun 20 18:22:19 PDT 2010
Walter Bright, el 20 de junio a las 17:40 me escribiste:
> Vladimir Panteleev wrote:
> >On Mon, 21 Jun 2010 00:17:28 +0300, Walter Bright
> ><newshound2 at digitalmars.com> wrote:
> >
> >>An input to a dll is user input, and should be validated (for
> >>the sake of security, and other reasons). Validating it is not
> >>debugging.
> >
> >I don't understand why you're saying this. Security checks in DLL
> >functions are pointless, for the reasons I already outlined:
>
> It's true that whenever user code is executed, that code can do
> anything. Hello, ActiveX. But I still think it's sound practice to
> treat any data received from another program as untrusted, and
> validate it. Security, like I said, is only one reason. Another is
> to prevent bugs in external code from trashing your process.
How can you prevent that? If you pass incorrect data to a DLL, then the
bug is *yours*. If the DLL has a bug, it will explode anyways. You are
just trying to catch programs bugs in the DLL, which seems overly
patronizing to me. Why will you assume I'm so dumb that I won't use your
interface correctly?
--
Leandro Lucarella (AKA luca) http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145 104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
Karma police
arrest this girl,
her Hitler hairdo
is making me feel ill
and we have crashed her party.
More information about the Digitalmars-d
mailing list