Boost :

From: David Abrahams (dave_at_[hidden])
Date: 2005-04-24 10:24:06

• Next message: David Abrahams: "[boost] Re: [threads] Future directions"
• Previous message: Peter Dimov: "Re: [boost] Re: [network] An RFC - updated"
• In reply to: Peter Dimov: "Re: [boost] Re: Yet Another Network Library"
• Next in thread: Giovanni P. Deretta: "Re: [boost] Re: Yet Another Network Library"

"Peter Dimov" <pdimov_at_[hidden]> writes:

> David Abrahams wrote:
>> "Giovanni P. Deretta" <lordshoo_at_[hidden]> writes:
>>
>>> - It is extremely insecure. In a network library security must be
>>> paramount. If the transport type were encoded in the address, it
>>> would be much harder to validate externally received addresses. A
>>> similar argument can be made for the port numbers. It is better to
>>> keep these things separated. The library user can create its own
>>> indexed factory collection if it really needs to.
>>
>> That's a very convincing argument.
>
> No, it isn't. If you analyze the security of the two cases
> carefully you'll see that there isn't much of a difference, except
> that the "transport-encoded" type gives you one bit of extra
> information, the transport, which you can check against your
> expectations.

Sorry, not enough sleep. I knew I wasn't quite saying what I meant.
I meant that if there is truly a security problem that's very
compelling. I don't know how to analyze whether that's the case or
not.

-- 
Dave Abrahams
Boost Consulting
www.boost-consulting.com

• Next message: David Abrahams: "[boost] Re: [threads] Future directions"
• Previous message: Peter Dimov: "Re: [boost] Re: [network] An RFC - updated"
• In reply to: Peter Dimov: "Re: [boost] Re: Yet Another Network Library"
• Next in thread: Giovanni P. Deretta: "Re: [boost] Re: Yet Another Network Library"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk