On Thu, Sep 27, 2012 at 9:41 AM, Allen Wirfs-Brock <al...@wirfs-brock.com> wrote:

>
> On Sep 27, 2012, at 9:31 AM, Andrea Giammarchi wrote:
>
> > it would be stupid to code like that but it makes sense since it has
> basically always been like that :)
>
> A big part of my job is specifying what stupid code does.
>

Although Allen does so mostly for non-security reasons, I'll take this
moment to make a security point:

"Normal" non-defensive programming generally seeks to avoid edge cases, and
especially edge cases where platforms are likely to differ.

Attackers see such edge cases as opportunities. Whereas a correct program
should work on all conforming platforms, an attack is successful even if it
only succeeds on one supported platform.

Therefore, defensive programs, though they should still stay away from edge
conditions for the functionality they provide, must worry about and defend
themselves against all the possible adversary behaviors that these edge
conditions might enable.

Thus, a language that supports defensive programming needs this kind of
careful attention to "stupid" edge conditions.

This is not to argue for or against any specifics of this proposal.


>
> Allen
>

-- 
    Cheers,
    --MarkM
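To make the edge-case point concrete, here is an added illustration that is not part of Mark's post or anything else in this thread: the same table lookup written the "normal" way and the defensive way. The table contents and the probe keys are constructed for the example; the point is that the non-defensive version is fine on the inputs its author intended, while the defensive version has to account for every key an adversary can supply, including ones whose handling has differed between engines.

```javascript
// Added example (not from the es-discuss thread): a non-defensive lookup
// beside its defensive counterpart. Table and probe keys are constructed.

// Non-defensive: assumes callers pass "sensible" keys. Works for normal use,
// but every inherited property of Object.prototype is reachable through it,
// and a key such as "__proto__" is exactly the kind of edge case whose
// behaviour has historically varied from one engine to another.
function lookupNaive(table, key) {
  return table[key];
}

// Defensive: the edge conditions are handled explicitly rather than avoided.
//  - the key must be a primitive string (no objects whose toString runs code)
//  - only the table's own properties are visible, never inherited ones
//  - an absent key yields undefined on every conforming engine, not a
//    prototype hit that happens to be harmless on the platform we tested on
function lookupDefensive(table, key) {
  if (typeof key !== 'string') {
    throw new TypeError('key must be a string');
  }
  if (!Object.prototype.hasOwnProperty.call(table, key)) {
    return undefined;
  }
  return table[key];
}

// Constructed sample table, as a consumer of untrusted keys might hold it.
const sampleTable = { alice: 'admin', bob: 'user' };

// Runs both lookups on one key so the difference is visible side by side.
// Keys like "toString" or "constructor" are ones nobody would write on
// purpose, which is precisely why a defensive program must still handle them.
function compare(key) {
  return {
    naive: lookupNaive(sampleTable, key),
    defensive: lookupDefensive(sampleTable, key),
  };
}

// Reports whether a key that is not in the table leaks something through the
// naive lookup while the defensive one correctly reports it as absent.
function leaksThroughNaive(key) {
  const r = compare(key);
  return r.naive !== undefined && r.defensive === undefined;
}
```

Nothing here is specific to any proposal under discussion; the "stupid" keys are simply the places where the naive version's behaviour depends on what the prototype chain happens to contain, and that is what the defensive version pins down.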
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
