Leo Sutic wrote:

Berin, Peter,

> I'm not very worried about the security aspects of the ComponentValidator
> class. Like Peter, I see the battle as lost when a malicious component has
> entered the system, and I do not see that as enough reason to increase code
> complexity.

This is true, but you can still minimize damage.

> However, I am much more concerned with buggy containers. The case could be made
> that a test case for containers would solve this, and I think Peter is
> completely right in that. Such a test case *is* needed. There's no argument
> against it.

I never argued against a test case for containers.  I argued *for* inclusion of ComponentValidator.

> But it is also considered good practice to add assertions throughout the code, to catch
> things that "can not" happen, and I see the ComponentValidator as a tool for
> that.

This is one of my points, unfortunately Peter *will* not hear it.

> Assertions provide a nice fail-fast, and aid in debugging.
>
> (Regarding UNIX file permissions: I see the security aspect of them, but to me
> they are also protection against users inadvertently deleting the wrong files.
> I have had much more work related to user screwups than cracker assaults. The
> neat thing is that I get protection from both from file permissions.
> ComponentValidator does the same - primarily I get faster debugging and better
> regression tests, and if it stops some component hell-bent on destruction as
> well, then that is good.)

Yet another point in favor of the ComponentValidator.

Can I assume then that you are +1 on the matter?



--

"They that give up essential liberty to obtain a little temporary safety
 deserve neither liberty nor safety."
                - Benjamin Franklin

