On 2024-02-25, at 11:22:50, Alain D D Williams <a...@phcomp.co.uk> wrote:
> On Sat, Feb 24, 2024 at 07:44:44PM -0500, Jeffrey Walton wrote:
> > On Sat, Feb 24, 2024 at 7:37 PM Andy Smith <a...@strugglers.net> wrote:
> > >
> > > [...]
> > > Turning back more to protocol design, we have spent decades
> > > walking back Postel's Law as we find more and more ways that
> > > being liberal in what our software accepts is untenable in the
> > > face of a hostile Internet.
> >
> > ++. Postel's Law is a disaster nowadays. It was fine back in the
> > 1980's, but it is dangerous in the toxic environments of today.
> >
> > Here's what we teach our developers: Look for any reason you can to
> > reject the data. If you can't find a reason, then begrudgingly
> > perform the processing or transformation.
>
> There is a difference between not doing validation (eg a field being
> numeric) and flexibility (eg a line length being 100 bytes which is
> more than the specified 80 bytes). This is what Postel is talking
> about.

...and how would you even handle it? The DB field is 80 characters, do you want to just truncate it? Or oversize the DB? What if the DB field has that 100 bytes but someone sends 101?

If the numeric field can be a hex, dec or oct number, or a string representing one of those (octal representation in particular is satan that claimed bugs in many projects), together with locale-specific dots, dashes and commas separating thousands, that's plenty of code that can go wrong vs "okay this number is in range, job done".

Yes, of course there is a difference between validation and flexibility, but flexibility of a protocol should only extend to backward compatibility, where it doesn't cost you too much, and not indefinitely. Not to be flexible just so someone can half-ass the implementation and still have it "work" because other servers cover up for the errors by being "flexible".
There is a case for leeway in user-facing stuff - nobody wants to hunt for trailing whitespace in their forms just because they dared to copy-paste - but protocols had way too much leeway *because* most implementations ignored the second part, "be conservative in what you do", and frankly sent fucked up stuff that your implementation still needed to work with if it was a common open protocol. E-mail being a particular example: oh, the hundreds of problems with "our" mail servers that could be summed up by "your implementation pisses on the RFC and that's why our mail server doesn't get your mail"...

-- 
Mariusz Gronczewski (XANi) <xani...@gmail.com>
GnuPG: 0xEA8ACE64
https://devrandom.eu
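An added illustration of the two points argued in the message above (the "hex, dec, oct plus locale separators" numeric field and the "80-byte column, just truncate it?" text field). This is example code written for this page, not code from the thread or from any of the projects mentioned. `liberal_int` is a constructed emulation of the C `strtol(s, NULL, 0)` / legacy JavaScript `parseInt` prefix conventions with thousands-separator stripping bolted on, not any library's real API; the 0..65535 range, the 80-byte column limit and the `ę` sample value are assumptions chosen for the demonstration.

```python
import re

# Constructed "liberal" parser: emulates the strtol(..., 0)-style rules
# (0x -> hex, leading 0 -> octal) plus stripping of whitespace, signs and
# the ",", "." and "_" characters some locales use as thousands separators.
# It exists only to show what that leniency does to a value. Do not use it.
def liberal_int(s: str) -> int:
    s = s.strip().replace(",", "").replace(".", "").replace("_", "")
    sign = 1
    if s[:1] in ("+", "-"):
        sign = -1 if s[0] == "-" else 1
        s = s[1:]
    if s[:2].lower() == "0x":          # hex prefix
        return sign * int(s[2:], 16)
    if len(s) > 1 and s[0] == "0":     # leading zero => octal: the classic trap
        return sign * int(s, 8)
    return sign * int(s, 10)


# Exactly one spelling is allowed: a non-negative decimal with no leading
# zeros, no sign, no whitespace, no separators. Everything else is rejected.
CANONICAL_DECIMAL = re.compile(r"0|[1-9][0-9]*")


def strict_int(s: str, lo: int, hi: int):
    """Return (True, value) for a canonical in-range decimal, else (False, reason)."""
    if not CANONICAL_DECIMAL.fullmatch(s):
        return (False, "not a canonical decimal integer")
    value = int(s)
    if not lo <= value <= hi:
        return (False, f"{value} outside {lo}..{hi}")
    return (True, value)


def strict_text(s: str, max_bytes: int = 80):
    """Reject an over-long or control-character-bearing field rather than
    truncating it. Length is measured in UTF-8 bytes, which is what an
    80-byte column actually stores (assumed column size for this example)."""
    raw = s.encode("utf-8")
    if len(raw) > max_bytes:
        return (False, f"{len(raw)} bytes exceeds {max_bytes}")
    if any(b < 0x20 or b == 0x7F for b in raw):   # CR, LF, TAB, NUL, DEL ...
        return (False, "control character in field")
    return (True, s)


def truncate_to_bytes(s: str, max_bytes: int = 80) -> str:
    """What 'just truncate it' does: cut at the byte limit and keep going.
    A multi-byte character straddling the limit is destroyed (U+FFFD here)."""
    return s.encode("utf-8")[:max_bytes].decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed samples: the same bytes mean different numbers to the
    # liberal parser depending on prefix and locale guess; the strict one
    # accepts only the unambiguous spelling.
    for sample in ["0755", "755", "1.000", " 0x1F ", "+42"]:
        print(f"{sample!r:10} liberal={liberal_int(sample):<6} "
              f"strict={strict_int(sample, 0, 65535)}")
    over = "a" * 79 + "ę"   # 80 characters but 81 UTF-8 bytes
    print(strict_text(over))
    print(repr(truncate_to_bytes(over)))
```

`"0755"` parses as 493 under the liberal rules and is refused outright under the strict ones; `"1.000"` is one thousand or one-point-zero depending on whose locale you guessed. For the text field, `strict_text` returns a reason instead of silently storing a different value, which is the failure `truncate_to_bytes` demonstrates: the 81-byte input comes back 80 bytes long with its last character replaced.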