Since a dictionary is just a key-value store, I say we just generalize it and go with ec_kv to replace ec_dictionary. We can also have an ordered dictionary (orddict equiv) and call it ec_ordkv if we want.
Thanks! JW On Tue, May 15, 2012 at 10:07 AM, Eric Merritt <[email protected]>wrote: > Michael, > > I am ccing the erlware-dev list just to keep people appraised. See > responses inline. > > On Mon, May 14, 2012 at 6:26 PM, Michael Gebetsroither <[email protected]> > wrote: > > Hi Eric, > > > > I just tried to rename ec_dictionary to ec_dict as promised but seems > not that easy. > > The type is really named dictionary, renaming to dict is not possible as > it's already in > > erl_types.erl from otp/stdlib. > > I am pretty sure I ran into a similar thing originally. > > > > > ec_dict vs ec_dictionary is too confusing if the implementation of > ec_dictionary really contains > > implementation for type dict but ec_dict is the generic interface. > > Mabe something like ec_dict_impl. > > > > I doubt i can really just decide on such core points about "your" > library and would like to ask before > > sending an inappropriate pull request which would disrupt quite a bit of > code... > > Well its not really my library, it should be a community library > though erlware has custodian ship of it. That said, it sounds like we > just need to solve the naming conflict. Unfortunately, nothing is > coming to me. > > I am ok with the renaming suggestions you above in any case. > > > > > btw... imho there is a security bug/problem in erlware-commons/ec_file. > > The function in question is mkdtemp which calls mkdir_path but which is > not > > using O_EXCL flag to create the temp directory, thus making it prone to > link high-jacking. > > Additionally it uses a completely monotone and predictable random-part > which > > would make it quite an easy target. > > It also doesn't error out if the directory already exists, thus an > attacker could highjack > > the mkdtemp call without the application noticing and possible get to > sensitive data. > > Not setting permissions to 0700 for the temp dir is also something > unexpected. > > > > Imho if the name of a function is the same as from a standard defined > function with special > > security guarantees it's deadly to have the same name but none of the > security guarantees. > > I agree with you and it should be fixed. Would you file an issue > against erlware/erlware_commons with this detail? > > > michael > > -- > You received this message because you are subscribed to the Google Groups > "erlware-dev" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/erlware-dev?hl=en. > > -- You received this message because you are subscribed to the Google Groups "erlware-dev" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/erlware-dev?hl=en.
