On 24 Sep 2009 06:33:24 -0700, scott.r...@joann.com (Scott Rowe) wrote: >[rant] >This whole thread really irks me. Simply the idea that a program might move a >variable length string without first checking for limits is just appalling. I >would be pretty ashamed if I found I had done that in any of my personal >programs, let alone any code I wrote when I was working for an ISV, authorized >or not. This is the very type of sloppy code that causes many of Microsoft's >security exposures. I thought that we, as a community, had better discipline >than that.
I have been thinking the same thing. "Following IBM standards" doesn't mean ignoring simple boundary checking. Sure, we used to "cheat" in having too long tables in older versions of CoBOL, but when our compilers were changed to allow for larger tables, we knew to fix them (before an optimizer broke them). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
