At 5:40 PM +0200 5/28/01, Carles Xavier Munyoz Baldó wrote:
>Sorry, but I don't agree with your opinion.
>I'm a software developer and when I develop my software I make it to be
>prepared for any input it can receive.
>You cannot develop software and expect that all users send you the input
>in the format you have specified (not all people are good users; on the net
>there exist hackers and other kinds of bad users :).
>
>One of the most important tasks of a software developer is the syntax parse
>of the inputs received from the users.
>If this task is not done well, you will have problems like buffer overflows,
>segmentation faults, security problems, etc...
>A great part of the bugs reported to software developers like BIND, SENDMAIL,
>QPOPPER, ..., are bugs about buffer overflows generated due to a bad input
>parse.

The ultimate summation of the RFCs:

"Be Conservative in what you send, and liberal in what you accept."

If there's something in qpopper that breaks when it's getting
1-char-per-packet type of thing, then it needs to get fixed, even if
that isn't the "normal mode of operation".

(caveat: I haven't been following this thread, but it sounds to me
like Carles has the right mindset)

D

--
+---------------------+-----------------------------------------+
| [EMAIL PROTECTED]  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
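
The 1-char-per-packet case discussed above, as an added example (not qpopper's code and not part of the original message): a command-line accumulator that keeps state across reads and caps the line length. The names linebuf, linebuf_feed, feed_bytewise and the 512-byte CMD_MAX are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CMD_MAX 512   /* assumed per-line cap, CR included */

enum feed_result { NEED_MORE, LINE_READY, LINE_TOO_LONG };

struct linebuf {          /* hypothetical per-connection state, zero-initialised */
    char   data[CMD_MAX + 1];
    size_t len;
    int    overflow;      /* current line already exceeded CMD_MAX */
};

/* Consume bytes from one read()/recv() result, stopping after the first LF.
 * *used tells the caller how much of the chunk was eaten, so leftover bytes
 * (a pipelined second command) can be fed again. */
enum feed_result linebuf_feed(struct linebuf *lb, const char *chunk,
                              size_t n, size_t *used)
{
    for (size_t i = 0; i < n; i++) {
        if (chunk[i] == '\n') {
            int too_long = lb->overflow;
            *used = i + 1;
            if (!too_long && lb->len > 0 && lb->data[lb->len - 1] == '\r')
                lb->len--;               /* CR may have come in an earlier packet */
            lb->data[too_long ? 0 : lb->len] = '\0';
            lb->len = 0;
            lb->overflow = 0;
            return too_long ? LINE_TOO_LONG : LINE_READY;
        }
        if (lb->len < CMD_MAX)
            lb->data[lb->len++] = chunk[i];
        else
            lb->overflow = 1;            /* drop excess, never write past data[] */
    }
    *used = n;
    return NEED_MORE;
}

/* Constructed worst case: deliver s one byte per call, as if each byte
 * arrived in its own packet. Returns the result for the final byte. */
enum feed_result feed_bytewise(struct linebuf *lb, const char *s)
{
    enum feed_result r = NEED_MORE;
    size_t used;
    for (size_t i = 0; s[i] != '\0'; i++)
        r = linebuf_feed(lb, &s[i], 1, &used);
    return r;
}
```

On LINE_READY the command is in lb->data without its line ending; on LINE_TOO_LONG the oversized line has been discarded up to its newline and the next line parses normally.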
