Leo Sutic wrote:

> Berin, Peter,
> 
> I'm not very worried about the security aspects of the ComponentValidator class.
> Like Peter, I see the battle as lost when a malicious component has entered the
> system, and I do not see that as enough reason to increase code complexity.
> 


This is true, but you can still minimize damage.


> However, I am much more concerned with buggy containers. The case could be made that
> a test case for containers would solve this, and I think Peter is completely right in
> that. Such a test case *is* needed. There's no argument against it.
> 


I never argued against a testcase for containers.  I argued *for* inclusion of
ComponentValidator.


> But it is also considered good practice to add assertions throughout the code, to
> catch things that "can not" happen, and I see the ComponentValidator as a tool for
> that.
> 


This is one of my points, unfortunately Peter *will* not hear it.


> Assertions provide a nice fail-fast, and aid in debugging.
>
> (Regarding UNIX file permissions: I see the security aspect of them, but to me they
> are also protection against users inadvertently deleting the wrong files. I have had
> much more work related to user screwups than cracker assaults. The neat thing is that
> I get protection from both from file permissions. ComponentValidator does the same -
> primarily I get faster debugging and better regression tests, and if it stops some
> component hell-bent on destruction as well, then that is good.)
> 


Yet another point in favor of the ComponentValidator.

Can I assume then that you are +1 on the matter?



-- 

"They that give up essential liberty to obtain a little temporary safety
  deserve neither liberty nor safety."
                 - Benjamin Franklin

