That's a rather pragmatic view, isn't it?
Perhaps if other language constructs are not used, they should be removed?
OTOH - perhaps the fault is not the language but the coder of the language?
- lack of knowledge
- pressure to complete lines of code
- lack of [management] focus on security
[Picking out one minor point:]
| [Exceptions] can simplify the code because
| -as previously mentioned by Tim, they separate error handling from normal
| logic, so the code is easier to read (it is simpler from a human reader's
| perspective). I have found bugs in my own code by going from error h
> -Original Message-
> From: Pascal Meunier [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 01, 2006 7:41 AM
> To: [EMAIL PROTECTED]
> Cc: Tim Hollebeek; sc-l@securecoding.org
> Subject: Re: [SC-L] Coding with errors in mind - a solution?
>
> On 8/31/06 8:05 PM, "mikeiscool" <[EMAI
>> if an exception is handled several call layers above, you don't have
>> to copy/translate and relay the error at each layer, [...]
> But the intervening stack frames have to be (painfully) aware of the
> fact that they might terminate abruptly.
That's what unwind-protect is for.
What, you don'
I can't say enough good things about this interview:
Conversation with Bruce Lindsay
Design For Failure
http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=233
BL: There are two classes of detection. One is that I looked at my own guts and
they didnt look right, and so I say this i
