Is public by default an unsafe default?
Steven Schveighoffer
schveiguy at gmail.com
Thu May 2 00:27:40 UTC 2024
On Wednesday, 1 May 2024 at 23:24:01 UTC, NotYouAgain wrote:
> On Wednesday, 1 May 2024 at 14:33:42 UTC, Steven Schveighoffer
> wrote:
>> ..
>> ...
>> I don't see how public by default affects memory safety.
>>
> I don't recall claiming it was related to memory safety. It is
> clearly not.
>
> The word safe surely does not only apply to memory safety, now
> does it.

As far as D is trying to be "safe by default", this is in the
context of memory safety only.

> Most breaches that have affected me, personally, have been API
> breaches.
>
> https://nordicapis.com/8-significant-api-breaches-of-recent-years/

I can't see how a language can stop people from not exposing API
they didn't intend to expose.

Just the top one on the list:

"With the Optus API breach, attackers discovered a publicly
exposed endpoint that didn’t require authentication."

How is D possibly going to enforce that certain API routes on a
high-level framework have framework-specific authentication
enabled?

-Steve