nanog mailing list archives
Re: It's been 20 years today (Oct 16, UTC). Hard to believe.
From: bzs () theworld com
Date: Tue, 16 Oct 2018 23:20:16 -0400
On October 16, 2018 at 19:35 mike () mtcc com (Michael Thomas) wrote:
I believe that the IETF party line these days is that Postel was wrong on this point. Security is one consideration, but there are others.
Security fits into all this, being liberal in what you accept doesn't mean you do whatever they ask. Quite the contrary it means make sure your code doesn't roll over dead or misbehaving just because you received an unexpected input. Not doing that was exactly what allowed for example buffer overflow attacks. The target software wasn't liberal in what it accepts which is to say anticipated that someone might send them a very long string and should either buffer it correctly or truncate it. They assumed they'd only be sent reasonably short strings.
Mike

On 10/16/2018 07:18 PM, bzs () theworld com wrote:

What it's trying to say is that you have control over your own code but not others', in general. So make your own code (etc) robust and forgiving since you can't edit others' code to conform to your own understanding of what they should be sending you.

I suppose that pre-dates github but nonetheless much of the code which generates bits flung at you is proprietary and otherwise out of your control but what you can control is your code's reaction to it. And of course the bits you generate which should try to make conservative assumptions about what they might accept and interpret as you expect.

For example just because they sent you a seemingly malformed HTTP request, and given that 4xx is for error codes, doesn't mean you should return "420 You must be high!" and expect to be understood.
--
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
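The two points made in this message (survive an unexpectedly long string, and answer a malformed request with a code the peer will understand) can be shown together. The following is an added example, not code from the post or from any project it mentions; the function name `parse_request_line`, the buffer sizes and the sample requests are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The overflow pattern described above trusts the sender to be brief:
 *     char path[64];
 *     strcpy(path, untrusted);    // writes past path[] on long input
 * The parser below bounds every read and write instead. */

/* Parse "METHOD SP target SP HTTP/x.y" from buf[0..len).
 * Returns a standard HTTP status; out is always NUL-terminated. */
int parse_request_line(const char *buf, size_t len, char *out, size_t outcap)
{
    if (outcap == 0) return 500;
    out[0] = '\0';

    /* Work only inside buf[0..len): never rely on a terminating NUL. */
    const char *end = buf + len;
    const char *sp1 = memchr(buf, ' ', len);
    if (sp1 == NULL || sp1 == buf) return 400;          /* no method */

    const char *target = sp1 + 1;
    const char *sp2 = memchr(target, ' ', (size_t)(end - target));
    if (sp2 == NULL || sp2 == target) return 400;       /* no target */

    size_t tlen = (size_t)(sp2 - target);
    if (tlen >= outcap) return 414;                     /* URI Too Long */

    /* Reject control bytes so callers can treat out as plain text. */
    for (size_t i = 0; i < tlen; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c < 0x21 || c == 0x7f) return 400;
    }
    if ((size_t)(end - sp2) < 6 || memcmp(sp2 + 1, "HTTP/", 5) != 0)
        return 400;                                     /* no version */

    memcpy(out, target, tlen);                          /* tlen < outcap */
    out[tlen] = '\0';
    return 200;
}

int main(void)
{
    char path[16];                                      /* constructed limit */
    const char *samples[] = {                           /* constructed inputs */
        "GET /index.html HTTP/1.1", "GET /aaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1", "GARBAGE" };
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", parse_request_line(samples[i], strlen(samples[i]), path, sizeof path));
    return 0;
}
```
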