On Wed, 11 Aug 2010 13:44:05 -0400 Walt Farrell <[email protected]> wrote:
:>On Wed, 11 Aug 2010 10:39:50 -0400, Watkins, Douglas
:><[email protected]> wrote:
:>
:>>When creating new routines, I prefer they be created in an "API-style,"
:>>using macros for generating the parameter list and invoking the routine
:>>as well as mapping the list of pointers and the fields to which they
:>>point. This gives the called routine a relatively high degree of
:>>confidence that the construction of the parameter list is valid.
:>While I may agree with providing that method of constructing the parameters
:>and invoking the module, I would say that from a system integrity point of
:>view the called module still must verify everything. In the general case it
:>can not assume that the caller used the method you provided.
:>In other words, you might have a "relatively high degree of confidence" that
:>the parameter list is valid if you can guarantee that you wrote all the code
:>in the callers, too. But if you can't guarantee that, you have a false sense
:>of confidence that might well lead you to having an integrity exposure.

Obviously if the called routine has greater authority than the caller,
everything must be checked in detail.

But if it runs at equal authority there is nothing the caller can do, no
matter how much the plist is messed up, to affect integrity.

--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.
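The following is an added example, not part of the thread or any poster's code: a C sketch of the checks a routine with greater authority than its caller would make on a parameter list of pointers before trusting it. The storage model (`caller_storage`, offsets standing in for addresses), the return codes and all names are assumptions made for illustration; the end-of-list flag in the high-order bit of the last address word is modelled on the usual variable-length plist convention.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_PARMS 4
#define LAST_PARM 0x80000000u   /* end-of-list flag in the last address word */

/* Hypothetical model: the storage the caller is allowed to reference. */
typedef struct { const uint8_t *base; uint32_t size; } caller_storage;
enum { PL_OK = 0, PL_BAD_LIST = 4, PL_BAD_COUNT = 8, PL_BAD_FIELD = 12 };

/* True when [off, off+len) lies wholly inside the caller's storage (no wraparound). */
static int in_caller_storage(const caller_storage *cs, uint32_t off, uint32_t len)
{
    return len <= cs->size && off <= cs->size - len;
}

/* Validate a plist of `expected` address words at plist_off. Parameter i must
   point at field_len[i] bytes the caller owns; validated offsets go to out[]. */
int validate_plist(const caller_storage *cs, uint32_t plist_off,
                   uint32_t expected, const uint32_t *field_len, uint32_t *out)
{
    uint32_t snap[MAX_PARMS];
    if (expected == 0 || expected > MAX_PARMS)
        return PL_BAD_COUNT;
    if (!in_caller_storage(cs, plist_off, expected * 4u))
        return PL_BAD_LIST;
    /* Copy the list once into our own storage so the caller cannot alter it
       between the checks below and its later use. */
    memcpy(snap, cs->base + plist_off, expected * sizeof snap[0]);

    for (uint32_t i = 0; i < expected; i++) {
        int last = (snap[i] & LAST_PARM) != 0;
        uint32_t off = snap[i] & ~LAST_PARM;
        if (last != (i == expected - 1))
            return PL_BAD_COUNT;        /* list is shorter or longer than the interface */
        if (!in_caller_storage(cs, off, field_len[i]))
            return PL_BAD_FIELD;        /* field not wholly in caller-owned storage */
        out[i] = off;
    }
    return PL_OK;
}

int main(void)
{
    uint8_t mem[64] = {0};              /* constructed caller storage */
    uint32_t pl[2] = {16u, 32u | LAST_PARM}, lens[2] = {8, 4}, out[2];
    memcpy(mem, pl, sizeof pl);
    caller_storage cs = {mem, sizeof mem};
    printf("rc=%d\n", validate_plist(&cs, 0, 2, lens, out));
    return 0;
}
```

Only the list of address words is snapshotted here; a routine that also reads the fields would copy those into its own storage before acting on them.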
