@snaggen I think the better lesson than “don’t mix URI parses” here is “don’t LBYL, rely on EAFP”. Many “Look before you leap” (LBYL) schemes are subject to variations of time-of-check/time-of-use errors. It’s preferable to not sanitize input, but tell the processor what the policy on processing is; when it comes to a violation, it’s easier to ask forgiving (i.e. report the error) than permission (EAFP).
Technology enthusiast with a focus on Free Software and embedded systems. Science fiction promised us general purpose electronics, let’s build them! (And get their security properties right.)
- 0 Posts
- 5 Comments
Joined 6 years ago
Cake day: January 21st, 2019
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·1 year ago@0xsaksham @snaggen Last polls I saw, the #RustLang hashtag (it’s case sensitive, but capitalization helps for accessibilisy) was a tad more popular than #Rust due to the latter’s ambiguities.
@jvisick That process is completely intransparent to anyone approaching this without preexisting knowledge of that Lemmy instance. Do you know who runs that account? They should really make a note in its metadata.
Last time I checked, GTK could do laziness well where it matters (lists /trees), but admittedly that was some time ago.
The very same type of mistakes happens in file systems even without URIs being involved. Directory traversal checks look simple but sooner or later need hard-to-understand symlink following rules. Enforcing processor policy has terrible portability there (it even only became practical on Linux with landlock), but nonetheless I think it’s preferable.
Not mixing URI parsers is a good advice for when processor policies are unavailable – but let’s try to make them available more often.