[Fwd: Re: Code Review Guidelines (draft)]

Wendell Lee wendell at singnet.com.sg
Wed Aug 28 02:47:21 PDT 1996


unsubscribe wendell at singnet.com.sg


To: hag at ai.mit.edu
Subject: Re: Code Review Guidelines (draft)
From: lists at lina.inka.de (Bernd Eckenfels)
Date: Wed, 28 Aug 1996 03:30:49 +0200 (MET DST)
Cc: ichudov at algebra.com, adam at homeport.org, firewalls at greatcircle.com, cypherpunks at toad.com, coderpunks at toad.com
In-Reply-To: <199608272111.RAA23997 at galapas.ai.mit.edu> from "Daniel Hagerty" at Aug 27, 96 05:11:39 pm
Sender: owner-cypherpunks at toad.com

Hi,

>     Much better, look at rfc822.  (I wouldn't consider *anything* that
> has the word "sendmail" in it a good reference).

It's much better if you don't rely on the content of the string at all. Don't
use sh -c or system and you will be safe. Simply assume that all characters
are valid in user supplied strings and treat them exactly that way... If they
need to be exported then unfortunately they need to be 'untainted' and this
should be done by positive not negative lists as mentioned in the
guidelines.

Greetings
Bernd

PS: I have collected the references on
http://www.inka.de/sites/lina/freefire-l/
-- 
  (OO)      -- Bernd_Eckenfels at Wittumstrasse13.76646Bruchsal.de --
 ( .. )   ecki@{lina.inka.de,linux.de}  http://home.pages.de/~eckes/
  o--o     *plush*  2048/A2C51749  eckes at irc  +4972573817  *plush*
(O____O)       If privacy is outlawed only Outlaws have privacy
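
Added example, not part of the original message or the guidelines it refers to: a C sketch of the two points above, passing a user string to a child process as a single argv element with no shell, and untainting with a positive list. The function names, the allowed character set and the leading '-' rule are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Positive list (constructed for this example): everything else is rejected. */
static const char ALLOWED[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";

/* Untaint check: non-empty, no leading '-', only ALLOWED characters. */
int untaint_ok(const char *s)
{
    if (!s || !*s || *s == '-') return 0;
    return s[strspn(s, ALLOWED)] == '\0';
}

/* Run printf(1) with the user string as ONE argv element; no sh -c, no system().
 * Copies the child's stdout into out; returns its exit status, -1 on error. */
int echo_no_shell(const char *user, char *out, size_t outsz)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (outsz == 0 || pipe(fds) < 0) return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execlp("printf", "printf", "%s", user, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used < outsz - 1 && (n = read(fds[0], out + used, outsz - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char buf[64];
    int rc = echo_no_shell("a; b | c > d $HOME", buf, sizeof buf);
    printf("rc=%d out=[%s] untaint_ok=%d\n", rc, buf, untaint_ok("a; b"));
    return 0;
}
```

Because no shell parses the string, the metacharacters reach the child unchanged; the positive-list check is only needed where the value must later be handed to something that does interpret it.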





