Leo Sutic wrote:
> Berin, Peter,
>
> I'm not very worried about the security aspects of the ComponentValidator class.
>Like Peter, I see the battle as lost when a malicious component has entered the
>system, and I do not see that as enough reason to increase code complexity.
>
This is true, but you can still minimize damage.
> However, I am much more concerned with buggy containers. The case could be made that
>a test case for containers would solve this, and I think Peter is completely right in
>that. Such a test case *is* needed. There's no argument against it.
>
I never argued against a test case for containers. I argued *for* inclusion of
the ComponentValidator.
> But it is also considered good practice to add assertions throughout the code, to
>catch things that "can not" happen, and I see the ComponentValidator as a tool for
>that.
>
This is one of my points; unfortunately Peter *will* not hear it.
> Assertions provide a nice fail-fast, and aid in debugging.
>
> (Regarding UNIX file permissions: I see the security aspect of them, but to me they
>are also protection against users inadvertently deleting the wrong files. I have had
>much more work related to user screwups than cracker assaults. The neat thing is that
>I get protection from both from file permissions. ComponentValidator does the same -
>primarily I get faster debugging and better regression tests, and if it stops some
>component hell-bent on destruction as well, then that is good.)
>
Yet another point in favor of the ComponentValidator.
Can I assume then that you are +1 on the matter?
--
"They that give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."
- Benjamin Franklin