[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP-specific API

To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Subject: RE: OpenLDAP-specific API
From: "Mark H. Wood" <mwood@IUPUI.Edu>
Date: Fri, 14 Mar 2003 09:58:17 -0500 (EST)
In-reply-to: <20030314130136.C8543@mippet.ci.com.au>

On Fri, 14 Mar 2003, Dave Horsfall wrote:
> On Thu, 13 Mar 2003, Howard Chu wrote:
>
> [ Good points, but understood anyway ]
>
> > As programmers, you *should* care, and you should *know* what the code you
> > work with does, and how it does it. That is my point.

Quite so.

> And my point in turn was that if you're going to replace one call with
> another one, at least try and not make the same mistake; there is no
> place in any library for a routine that blindly copies data into an
> unknown user-provided buffer.

Hear, hear!  (We old-time VMS guys are sitting here thinking "I told you
so", recalling the use of dynamic string "descriptors" as arguments to
string-mashing functions which will reallocate our buffers as needed and
automagically adjust the descriptors to suit. :-)

There are several threads here, and I feel that it's important to
distinguish them:

o  When copying or assembling varying-length objects, you need to take
   into account the size of the destination buffer and avoid overflows.

o  Failure to consider the internals of someone else's functions can allow
   significant inefficiencies and insecurities to creep into your code.

o  Programmers should thoroughly document their creations, including
   warnings of potential problems (such as inefficiency, not clearing
   returned memory, etc.).  Programming is hard enough without running
   afoul of inefficiency or failure that someone else knew about but
   didn't bother to communicate.

o  It's good to review old code from time to time and see if we can
   improve it w.r.t. current usage.  While it's good and necessary to be
   able to treat supporting code as a black box, it's also good to set
   aside some time now and then to look inside the boxes.  It's micro vs.
   macro optimization, at a conceptual level which is not available to
   compilers.

and probaby a few others that I've not yet discerned.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

References:
- RE: OpenLDAP-specific API
  - From: Dave Horsfall <daveh@ci.com.au>

Prev by Date: Re: SASL / DIGEST-MD5
Next by Date: RE: Problem with OpenLDAP 2.0.25
Index(es):
- Chronological
- Thread