Program logic bugs vs input/environmental errors
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Sat Nov 1 03:52:31 PDT 2014
On Friday, 31 October 2014 at 21:06:49 UTC, H. S. Teoh via Digitalmars-d wrote:
> This does not mean that process isolation is a "silver bullet" -- I
> never said any such thing.
But made it sound that way:
> The only failsafe solution is to have multiple redundant
> processes, so when one process becomes inconsistent, you
> fall back to another process, *decoupled* process that is known
> to be good.
If you think a hacker rooted the server, how do you know other
perfectly isolated processes are good? Not to mention you
suggested building a system from *communicating* processes, which
doesn't sound like perfect isolation at all.
> You don't shutdown the *entire* network unless all redundant
> components have failed.
If you have a hacker in your network, the network is compromised
and is in an unknown state; why do you want the network to
continue operation? You contradict yourself.