On Wed, May 07, 2008 at 10:27:48AM +1000, James A. Donald wrote:
> Dynamic strings tempt people to forget about enforcing
> length limits and forget about correctly handling the
> case when the length limits are exceeded.
This too is dealt with. Message sizes are bounded, recipient counts
are bou
"James A. Donald" <[EMAIL PROTECTED]> writes:
>In any program subject to attack, all strings should have known, documented,
>and enforced maximum length, a length large enough for all likely legitimate
>uses, and no larger.
Precisely. An example of where dynamic strings can lead you is what happ