
Re: assert() vs. return(error)

From: <kfogel_at_collab.net>
Date: 2006-02-16 04:28:00 CET

"Stuart Celarier" <SCelarier@corillian.com> writes:
> Allowing one user to deprive all other users of
> the server will at least tick off the users, and in the hands of a Bad
> Guy (TM) allows him to stage a denial of service attack.

Huh? No one is arguing in favor of this. We had a technical question
on *where* the input should be validated, not a policy question on
*whether* it should be validated.

The direct repository-filesystem APIs are not a security boundary,
because anything using them also has direct access to the repository,
and any server that wants to stay running needs to have code that uses
the APIs properly. There is still a usability/friendliness question
of whether assert() vs error-return is best for the server code, but I
don't think it's a question on which security theory per se has much
bearing.

-Karl

-- 
www.collab.net  <>  CollabNet  |  Distributed Development On Demand
Received on Thu Feb 16 06:10:15 2006

This is an archived mail posted to the Subversion Dev mailing list.
