[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Coding securely, was Linux (in)security
- To: Paul Schmehl <pauls@utdallas.edu>
- Subject: Re: [Full-Disclosure] Coding securely, was Linux (in)security
- From: Brett Hutley <brett@hutley.net>
- Date: Mon, 27 Oct 2003 14:44:28 +1100
Paul Schmehl wrote:
*snip*
You complain that the code would be really slowed down if consistent and
complete error checking were done. I wonder if anyone has ever really
tried to write code that way and then tested it to see if it really
*did* slow down the process? Or if this is just another one of those
"truisms" in computing that's never really been put to the test?
Yup. I work on large distributed systems for financial risk management
processing. We have some very tight calculation loops with preallocated
buffers because we can't afford to do any unnecessary stuff in these
loops. Because they are buried deep in the calculation engine we don't
need to worry about validating the input. An unnecessary piece of code
here makes the difference between the job taking 1 hour to process or 10
hours. There are some circumstances where tight code is essential. Of
course in MOST systems the speed of execution is not that critical.
Cheers, Brett
--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:brett@hutley.net
http://hutley.net/brett
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html