|
Boost : |
From: Peter Dimov (pdimov_at_[hidden])
Date: 2005-04-24 08:02:50
David Abrahams wrote:
> "Giovanni P. Deretta" <lordshoo_at_[hidden]> writes:
>
>> - It is extremely insecure. In a network library security must be
>> paramount. If the transport type were encoded in the address, it
>> would be much harder to validate externally received addresses. A
>> similar argument can be made for the port numbers. It is better to
>> keep these things separated. The library user can create its own
>> indexed factory collection if it really needs to.
>
> That's a very convincing argument.
No, it isn't. If you analyze the security of the two cases carefully you'll
see that there isn't much of a difference, except that the
"transport-encoded" type gives you one bit of extra information, the
transport, which you can check against your expectations.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk