repeated parameter names and default values
Mark S. Miller
erights at google.com
Thu Sep 27 10:10:01 PDT 2012
On Thu, Sep 27, 2012 at 9:41 AM, Allen Wirfs-Brock <allen at wirfs-brock.com> wrote:
> On Sep 27, 2012, at 9:31 AM, Andrea Giammarchi wrote:
> > it would be stupid to code like that but it makes sense since it has
> > basically always been like that :)
> A big part of my job is specifying what stupid code does.
Although Allen does so mostly for non-security reasons, I'll take this
moment to make a security point:
"Normal" non-defensive programming generally seeks to avoid edge cases, and
especially edge cases where platforms are likely to differ.
Attackers see such edge cases as opportunities. Whereas a correct program
should work on all conforming platforms, an attack is successful even if it
only succeeds on one supported platform.
Therefore, defensive programs, though they should still stay away from edge
conditions for the functionality they provide, must worry about and defend
themselves against all the possible adversary behaviors that these edge
conditions might enable.
Thus, a language that supports defensive programming needs this kind of
careful attention to "stupid" edge conditions.
This is not to argue for or against any specifics of this proposal.
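The edge case this thread is about can be probed directly. The following is an added example, not code from Mark Miller, Allen Wirfs-Brock or the es-discuss thread: it builds functions with repeated parameter names through the `Function` constructor (which produces sloppy-mode functions even from a strict file and lets parse errors be caught) and reports what this engine does in each case. The helper names `probe`, `sloppyDuplicate`, `strictDuplicate` and `duplicateWithDefault` are this example's own.

```javascript
// Added example (not from the es-discuss thread): probe how the running
// engine treats repeated parameter names, the "stupid" edge case under
// discussion. Names below are this example's own, not part of any spec.

// Build a function from a parameter string and body, call it with the
// constructed arguments (1, 2), and report whether it parsed and what it
// returned. Parse failures are reported rather than thrown so that a
// defensive caller can branch on platform behaviour instead of crashing.
function probe(params, body) {
  try {
    const fn = new Function(params, body);
    return { parses: true, result: fn(1, 2) };
  } catch (e) {
    return { parses: false, error: e.name };
  }
}

// Sloppy mode with a simple parameter list: duplicates are accepted and
// the last binding wins, so f(1, 2) yields 2. This is the historical
// behaviour the thread describes as "basically always been like that".
function sloppyDuplicate() {
  return probe('a, a', 'return a;');
}

// Strict mode: the same parameter list is an early SyntaxError.
function strictDuplicate() {
  return probe('a, a', '"use strict"; return a;');
}

// A default value makes the parameter list non-simple; ES2015 then rejects
// duplicate names even in sloppy mode, which is the interaction between
// "repeated parameter names" and "default values" named in the subject.
function duplicateWithDefault() {
  return probe('a, a = 3', 'return a;');
}

// Defensive check: true only if every form a conforming engine must reject
// is actually rejected here. A program that depends on duplicate names
// being an error should verify this rather than assume it.
function engineRejectsDuplicatesWhereRequired() {
  return !strictDuplicate().parses && !duplicateWithDefault().parses;
}

console.log('sloppy:', sloppyDuplicate());
console.log('strict:', strictDuplicate());
console.log('with default:', duplicateWithDefault());
console.log('rejects where required:', engineRejectsDuplicatesWhereRequired());
```

The point of reporting rather than throwing is the one made in the message above: a program that merely wants to be correct can avoid writing `function f(a, a)` at all, but a program that must stay safe on every platform it runs on needs to know how each platform resolves the case, because an attacker only needs the one platform where the resolution is surprising.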