Reinier Olislagers wrote:
> On 2-4-2013 5:13, Noah Silva wrote:
>> Actually I think on OS X and Linux it makes sense to depend on OpenSSL,
>> but not for the reasons you mentioned so much as one more: Security.
> That's probably why the previous poster wrote robust etc. Sounds like
> security attributes to me.
>> If you are doing encryption, then it's better to use a library that
>> is updated more often for bug fixes, and to have the updates be applied
>> to your program automatically. If you static-link it in, it will never
>> be updated until you update it and ship a new version of your program
>> and everyone installs it. If you dynamically link to it, then when the
>> operating system updates it, you get the updates "for free".
Depends. If you're using (say) a hash function to store a token in lieu
of a password then the important thing is that this behaves consistently
across platforms and program versions. If an external library eliminated
a potential security flaw (the most common case being when null text was
processed) that might be significant in the case of key scheduling for
data transfer over an insecure channel, but not for purely local storage.
As usual, there's little substitute for the original programmer knowing
what he's doing, and for him documenting what he's done so that
maintainers know what sort of external event can cause an issue.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal