On Friday, November 1, 2002, at 06:17 AM, Ken Williams wrote:
On Saturday, October 26, 2002, at 07:28 PM, Mark Knipfer wrote:On 10/26/02 1:25 PM, Trey Harris wrote:
<snip>
I think Trey was talking about the script, there, not casting aspersions at the question.It's a good question to ask, it's just that the right solution is probably "don't do it that way."I know that you all do not see this side of the computer, lucky for youOne of the cardinal rules of defensive programming, at least in the Unix world, is that you shouldn't check if you can do something--you should just try to do it. If it fails, *then* you check to see why. Many, many potential security problems can be avoided that way.
all, but I was working on the Perl code for a while. Since I am not
fluent in Perl yet, I thought I would ask the mailing list.
Trey's advice has another benefit - it's easier. Just as in life, it's easier to just try to do everything you have to do and wait until something goes wrong, than to try to check in advance every possible thing that could go wrong.
as in, establish the limits of your authority by testing them, not by trying to figure out what they might be. eg
unless (open(FH, ">$file")) {
do something else;
}
which seems like good advice, though perl isn't always sufficiently forgiving of failed operations to make it a universal principle (eg flock dying if unsupported, or makepath dying on failure).
best
will
ps. the other advice is good too, though i apply it too often and frequently don't realise I can't do something until it is forcefully pointed out to me :(
