[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Coding securely, was Linux (in)security
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Coding securely, was Linux (in)security
- From: "Chris Eagle" <cseagle@redshift.com>
- Date: Sun, 26 Oct 2003 19:25:31 -0800
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Paul Schmehl
>...
>
> But it shouldn't be the job of the writer of a subroutine to verify the
> inputs. The writer of a subroutine defines what the appropriate inputs to
> that routine are, and it's up to the *user* of that subroutine to use it
> properly. The entire concept behind OOP is that you cannot know what's in
> the "black box" you're using. That makes it incumbent on you as the
*user*
> of a subroutine to use the correct inputs and to *verify* those inputs
when
> necessary.
>
That is the most backward thing I have ever heard. So you are saying all I
need to do as a programmer is tell you not to pass a negative number/null
pointer/un-initialized value... to my function and I am off the hook. All I
can say is that I am glad utdallas doesn't have you teaching programming.
The fact that you are unaware what lies inside the black box in no way
relieves the responsibility of the designer of the black box to make sure
that it behaves predictably under all input cases.
Chris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html