Stephen McConnell wrote:
Berin Loritsch wrote:
Regarding the ComponentValidator, I am temporarily relenting and
moving on. To my knowlege we are all in agreement concerning
Logging. That remains one sore spot to my knowlege *before* we
release.
Berin:
I think the points you have made in this thread are
right-on-the-money!
I think your talking about security concerns in the same way that I
think about security. Aside from whatever authentication solution,
access control mechanisms, trust management and so forth, if your
building a "valuable" system (i.e. a system handling valuable
assets), you design and build with the assumption that the system
WILL-BE-COMPROMISED. With this presumption there are a variety of
mechanisms that can employed to hide sensitive resources - but
achieving this requires defensive code - because you can never
totally depend on the container because there is always the question
of compromising the contains container (recursively). I disagree
with comments on this thread that this means you have already
lost the battle - internal subsystems can be much more defensive than
their containers. But building defensive systems means very rigorous
enforcement within an object of its operation state - and for that
runtime validation against standard lifecycle semantics is just
plain good-sense.
Thank you for the encouragement. The thing is that there are other
pieces of the puzzle that need to get out. When we are done releasing
Avalon Framework, we can resume the ComponentValidator discussion.
Notice that the title is *temporarily* relenting. I do intend to
bring it up again after Framework 4.1 is released.
Peter and I have a great repor, and while our discussions get quite
heated at times, the contracts and final solution we come up with
are better than the initial idea. They are forged by iron sharpenning
iron.
Besides, King Solomon had a great proverb: "The wounds of a friend
are better than the kisses of an enemy." I would much rather Peter
tell me that he thinks I'm wrong than disagree and leave. We get
a better project because of our combative personalities ;P.
Neither of us are afraid to speak our minds. This is something that
I encourage for everyone on the list. Don't be afraid of a good fight.
If you have a valid point to contribute to a discussion, contribute
it. Also, don't be offended if someone else on the list does not
agree with your point.
PS Where were you in the discussion? ;p
--
"They that give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."
- Benjamin Franklin
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
