|
Boost : |
Subject: Re: [boost] Review - boost::log
From: Edouard A. (edouard_at_[hidden])
Date: 2010-03-14 16:10:54
>Nothing unsafe about a "C" style interface. This technique is used by
>thousands of applications.
Tom,
The printf style parameters is responsible for thousands and thousands of
security vulnerabilities.
The problem is that you put the burden of sanitizing the parameters on the
programmer, not the library. If one zero-terminal disappear, you open
Pandora's box. That's just an example. What happens when the programmer
replaces a string by an int and forgets to update the parameters?
I really don't think in 2010 it's sound to encourage that kind of API.
I would rather prefer something like this:
boost::error("The error " << error_code << " occurred: " << error_message <<
std::endl);
Regards.
-Edouard
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4944 (20100314) __________
The message was checked by ESET NOD32 Antivirus.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk