[Date Prev][Date Next]
RE: OpenLDAP-specific API
On Fri, 14 Mar 2003, Dave Horsfall wrote:
> On Thu, 13 Mar 2003, Howard Chu wrote:
> [ Good points, but understood anyway ]
> > As programmers, you *should* care, and you should *know* what the code you
> > work with does, and how it does it. That is my point.
> And my point in turn was that if you're going to replace one call with
> another one, at least try and not make the same mistake; there is no
> place in any library for a routine that blindly copies data into an
> unknown user-provided buffer.
Hear, hear! (We old-time VMS guys are sitting here thinking "I told you
so", recalling the use of dynamic string "descriptors" as arguments to
string-mashing functions which will reallocate our buffers as needed and
automagically adjust the descriptors to suit. :-)
There are several threads here, and I feel that it's important to
o When copying or assembling varying-length objects, you need to take
into account the size of the destination buffer and avoid overflows.
o Failure to consider the internals of someone else's functions can allow
significant inefficiencies and insecurities to creep into your code.
o Programmers should thoroughly document their creations, including
warnings of potential problems (such as inefficiency, not clearing
returned memory, etc.). Programming is hard enough without running
afoul of inefficiency or failure that someone else knew about but
didn't bother to communicate.
o It's good to review old code from time to time and see if we can
improve it w.r.t. current usage. While it's good and necessary to be
able to treat supporting code as a black box, it's also good to set
aside some time now and then to look inside the boxes. It's micro vs.
macro optimization, at a conceptual level which is not available to
and probaby a few others that I've not yet discerned.
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".