On Mon, Jan 27, 2003 at 08:57:38AM -0600, Thomas Eibner wrote: > On Mon, Jan 27, 2003 at 02:45:13PM +0000, Matt Sergeant wrote: > > The programmer wants to output a header. If he accidentally tries to > > output something thats not a header he actually ends up outputting body. > > Thats a bug. > I can see the validity of your point, but it's still a programmer error.
Yes, but have you ever heard of the concept of defensive programming? > The same thing could happen if you did this as plain CGI and outputted > something you weren't supposed to do. We have full access to the API and > can do whatever we want (both in Perl and C), that doesn't mean we should > let our guards down. I still don't consider this a serious problem :) If the API is for dealing with headers, and can output something that isn't a header, I'd say that's a brokenness in the API. I agree that not validating your input is a reason for deserving to lose, but on the other hand, this is equally of the Apache API in this case. My tuppence. MBM -- Matthew Byng-Maddick <[EMAIL PROTECTED]> http://colondot.net/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
