My desire is that programs should be designed to gracefully refuse to be abused, otherwise I tend to classify them as broken.
For example, the huge number of security problems in the Windows world is caused by buffer overruns. The user (albeit a malicious user) usually constructs some form of invalid input which causes the program to overrun a buffer. The carefully crafted damage is such as to cause the program to do something totally unintended by the author. One could argue that the program was never intended to handle improperly formatted input and was working as designed. I believe that most programmers only test that their programs perform the intended functions, and rarely test them to ensure that they cannot be abused. Indeed, it is much harder to write a program that not only does what it was intended to do, but also refuses to be abused into doing something unintended. So while a program (which is only intended to be executed from JCL) that crashes when it is given a 10,000-character PARM may not be broken, it can certainly be improved.

Don Williams

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Gainsford, Allen
Sent: Thursday, October 29, 2009 5:00 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: A modest PARM proposal

<snip>

If a program is only intended to be called from JCL, and it does not cope with being called with longer parameters, then the program is not broken. It is following the rules, and functioning as intended. If some clever person calls the program from REXX with a 10,000-character PARM and the program crashes, it is the caller who is at fault. They were not calling the program as intended.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
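An added illustration in C (not code from either post) of the distinction the thread draws: a PARM arrives as a halfword length followed by the bytes, and a program can either trust that length or check it against the storage it actually owns. The struct layout and function names are assumptions made for the example.

```c
/* Added example, not code from the IBM-MAIN thread: models the MVS PARM
 * convention (halfword length, then the bytes) and contrasts a copy that
 * trusts the JCL contract with one that refuses what it cannot hold.
 * struct parm and the function names are assumptions for illustration. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PARM_MAX 100   /* JCL itself limits PARM= to 100 characters */

struct parm {          /* stand-in for the halfword-length + data block */
    uint16_t    len;
    const char *data;
};

/* Working as designed only while the JCL contract holds: a caller from
 * REXX can hand over 10,000 bytes and this writes far past the end of buf. */
void copy_parm_trusting(const struct parm *p, char buf[PARM_MAX + 1])
{
    memcpy(buf, p->data, p->len);   /* no bound check on p->len */
    buf[p->len] = '\0';
}

/* Refuses to be abused: checks the length against the buffer it owns and
 * reports the rejection instead of overrunning storage. 0 = ok, -1 = too long. */
int copy_parm_checked(const struct parm *p, char buf[PARM_MAX + 1])
{
    if (p->len > PARM_MAX) {
        buf[0] = '\0';              /* leave a well-defined empty result */
        return -1;
    }
    memcpy(buf, p->data, p->len);
    buf[p->len] = '\0';
    return 0;
}

/* Constructs an n-byte PARM of 'A's and returns what the checked copy
 * reports: 0 (accepted, copy is n bytes long), -1 (rejected). */
int check_parm_len(uint16_t n)
{
    char *data = malloc(n ? n : 1);
    char  buf[PARM_MAX + 1];
    if (data == NULL) return -2;
    memset(data, 'A', n);
    struct parm p = { n, data };
    int rc = copy_parm_checked(&p, buf);
    if (rc == 0 && strlen(buf) != n) rc = -3; /* copied length must match */
    free(data);
    return rc;
}
```

The trusting version is kept only for contrast and is never called; the checked version is what a caller from REXX with a 10,000-character PARM would hit, and it returns -1 instead of abending.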