On 05/01/2005, at 2:46, Jan Minar wrote:

Indeed, there's no point in not trusting other parts of the program
(apart from robustness, sometimes).  I think I've heard this one
somewhere, and I have to repeat: there's no difference between the .po
files and the .h or .c files:  It's all just different ways of
programming.  You would have to rewrite gettext to make some security
boundary between the C code and the translated strings.

I meant any input coming from an untrusted source such as a different
user on the same system, or anything fetched from a network (be it a
genuine server response, or some MiM-injected crap). -- But this is a
basic security concept.

I would argue that even input coming from the *same* user should be sanitized. The user doesn't have to be malicious, but they could accidentally (for any number of reasons, from any number of sources) pass garbage input to wget and cause it to crash, which looks bad. Basically the "circle of trust" should be defined as the boundary between the program itself and *anything* outside of it.


Just my opinion.

Cheers,
Greg
