Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Coding securely, was Linux (in)security

From: "Chris Eagle" <cseagle () redshift com>
Date: Sun, 26 Oct 2003 19:25:31 -0800
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Paul Schmehl
...

But it shouldn't be the job of the writer of a subroutine to verify the
inputs.  The writer of a subroutine defines what the appropriate inputs to
that routine are, and it's up to the *user* of that subroutine to use it
properly.  The entire concept behind OOP is that you cannot know what's in
the "black box" you're using.  That makes it incumbent on you as the

*user*

of a subroutine to use the correct inputs and to *verify* those inputs

when

necessary.



That is the most backward thing I have ever heard.  So you are saying all I
need to do as a programmer is tell you not to pass a negative number/null
pointer/un-initialized value... to my function and I am off the hook.  All I
can say is that I am glad utdallas doesn't have you teaching programming.
The fact that you are unaware what lies inside the black box in no way
relieves the responsibility of the designer of the black box to make sure
that it behaves predictably under all input cases.

Chris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: