checkedint call removal
Paolo Invernizzi via Digitalmars-d
digitalmars-d at puremagic.com
Sun Aug 3 02:29:58 PDT 2014
On Sunday, 3 August 2014 at 04:29:28 UTC, Kapps wrote:
> On Saturday, 2 August 2014 at 19:10:51 UTC, Walter Bright wrote:
>> On 8/2/2014 4:12 AM, Artur Skawina via Digitalmars-d wrote:
>
> More importantly, it's a huge security flaw. Not all bugs are
> equal; an assertion being false means a bug exists, but
> optimizing based off of this allows much more severe bugs to
> exist. Given a function that makes a call to a
> database/launches a process/returns some HTML/etc, having an
> early check that directly or indirectly asserts the data is
> valid to ease debugging will remove the runtime check that
> ensures there's nothing malicious in that data. Now because you
> had one extra assert, you have a huge security flaw and a great
> deal of unhappy customers that have had their accounts
> compromised or their information leaked. This is not an
> unrealistic scenario.
The customer should not be happy because an assert was used for
that...
---
Paolo
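The scenario Kapps describes, written out in D as an added example (this is not code from the thread or from the D project; `isSafeIdentifier`, `buildQueryUnsafe` and `buildQuerySafe` are hypothetical names, and the inputs in `main` are constructed). With `-release`, `assert` is compiled out; if the optimizer is additionally permitted to treat the asserted condition as true, the explicit `if` that follows it becomes dead code and can be folded away, so the function reaches the query builder with unchecked input. `enforce` from `std.exception` is an ordinary runtime check that `-release` does not strip and that carries no assumption for the optimizer.

```d
// Added example, not from the original post. Demonstrates why an assert
// on untrusted input is not a security check: with -release it is removed,
// and under "assert as assume" semantics a later explicit check can be
// optimized away as well. Hypothetical function names throughout.
import std.exception : enforce;

// Accept only ASCII letters, digits and underscore, non-empty.
// Stands in for any validation that guards a database/shell/HTML sink.
bool isSafeIdentifier(string s)
{
    if (s.length == 0)
        return false;
    foreach (char c; s)
    {
        immutable ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_';
        if (!ok)
            return false;
    }
    return true;
}

// Unsafe: the assert states a precondition about *untrusted* input as a
// debugging aid. In -release the assert is gone; if the compiler may also
// assume the condition held, the `if` below is provably false and removable.
string buildQueryUnsafe(string userName)
{
    assert(isSafeIdentifier(userName));       // debugging aid, not a guard
    if (!isSafeIdentifier(userName))          // "redundant" under assume semantics
        throw new Exception("invalid identifier");
    return "SELECT * FROM users WHERE name = '" ~ userName ~ "'";
}

// Hardened: the validity check is a runtime contract that survives -release
// and tells the optimizer nothing about what it may assume.
string buildQuerySafe(string userName)
{
    enforce(isSafeIdentifier(userName), "invalid identifier");
    return "SELECT * FROM users WHERE name = '" ~ userName ~ "'";
}

void main()
{
    import std.stdio : writeln;

    // Constructed inputs: one benign, one that would break out of the quotes.
    writeln(buildQuerySafe("alice"));
    try
    {
        buildQuerySafe("alice' OR '1'='1");
        writeln("unexpected: malicious input accepted");
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
}
```

Compile the same source once with `dmd` and once with `dmd -release` and compare the generated code for `buildQueryUnsafe`: the point of the thread is that the second check is only guaranteed to survive if the compiler is forbidden from treating the preceding assert as an assumption.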