How, in this century, did anyone think passing http url params as env vars was an acceptable design? Fix is incomplete & goahead is unfixable. https://twitter.com/elttam/status/942630494054752256 …
The interface definition is unsafe & unusable. Not an implementation issue.
-
True that the standard gets() interface is unusable, unless all input is trusted. Next q: how to deal with an overly permissive interface that somehow got as far as being "standard"? "Refactor all code" is one option. "Write down a usable refinement and implement it" is another.
-
The same goes for the C language itself. It's a permissive yet standard "interface". It's also, in one particular sense, unsafe by design. I personally don't advocate throwing away C.
-
On reflection this is unfair in one respect: it is *possible*, albeit very very difficult, to write portably secure and correct C. It is not possible to use gets() in the same way. Still, in practice, all interesting C code relies on *some* properties of implementation(s)....