On Sunday, 3 August 2014 at 04:29:28 UTC, Kapps wrote:
On Saturday, 2 August 2014 at 19:10:51 UTC, Walter Bright wrote:
On 8/2/2014 4:12 AM, Artur Skawina via Digitalmars-d wrote:
More importantly, it's a huge security flaw. Not all bugs are
equal; an assertion being false means a bug exists, but
optimizing based off of this allows much more severe bugs to
exist. Given a function that makes a call to a
database/launches a process/returns some HTML/etc, having an
early check that directly or indirectly asserts the data is
valid to ease debugging will remove the runtime check that
ensures there's nothing malicious in that data. Now because you
had one extra assert, you have a huge security flaw and a great
deal of unhappy customers that have had their accounts
compromised or their information leaked. This is not an
unrealistic scenario.
The customer should not be happy because an assert was used for
that...
---
Paolo
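The scenario in the quoted text, as an added example that is not part of the thread: a C stand-in for the D semantics under discussion, placing the "assert, then runtime check" shape beside a form where the check cannot be assumed away. `ASSUME`, `is_safe_name`, `use_name` and both `handle_*` functions are hypothetical names, and `__builtin_unreachable` is the GCC/Clang builtin.

```c
#include <stddef.h>

/* Models the semantics debated in the thread: in a release build the
   asserted condition becomes an optimizer assumption (GCC/Clang builtin). */
#define ASSUME(c) do { if (!(c)) __builtin_unreachable(); } while (0)

/* Constructed validator: 1..32 characters from [A-Za-z0-9_]. */
static int is_safe_name(const char *s)
{
    size_t n = 0;
    if (s == NULL) return 0;
    for (; s[n] != '\0'; n++) {
        char c = s[n];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_';
        if (!ok || n >= 32) return 0;
    }
    return n > 0;
}

/* Hypothetical sink standing in for the database / process / HTML call. */
static int sink_calls = 0;
static void use_name(const char *name) { (void)name; sink_calls++; }

/* Shape described in the post: a debugging assert ahead of the real check.
   With ASSUME semantics the compiler may treat the `if` as always false
   and delete it, so calling this with invalid input is undefined. */
int handle_assumed(const char *name)
{
    ASSUME(is_safe_name(name));
    if (!is_safe_name(name)) return -1;   /* removable under the assumption */
    use_name(name);
    return 0;
}

/* Hardened shape: validation of untrusted input is an unconditional
   runtime check with no assertion ahead of it, so no assumption exists
   that could justify removing it. */
int handle_checked(const char *name)
{
    if (!is_safe_name(name)) return -1;
    use_name(name);
    return 0;
}

int sink_call_count(void) { return sink_calls; }
```

Assertions that state internal invariants can still follow the runtime check; the ordering matters because the check then dominates the assumption rather than the reverse.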