Secure Coding mailing list archives
Re: Java DOS
From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Tue, 15 Feb 2011 07:20:25 -0600
On Feb 15, 2011, at 12:06 AM, Chris Schmidt <chrisisbeef () gmail com> wrote:
On Feb 14, 2011, at 8:57 AM, "Wall, Kevin" <Kevin.Wall () qwest com> wrote:
[snip]

So on a somewhat related note, does anyone have any idea as to how common it is for application developers to call ServletRequest.getLocale() or ServletRequest.getLocales() for Tomcat applications? Just curious. I'm sure it's a lot more common than developers using double-precision floating point in their applications (with the possible exception within the scientific computing community).

I would assume just about any app with a shopping cart does. This is of course compounded by libraries like struts and spring mvc that autobind your form variables for you. Use a form with a double in it and you're boned.

Good point about things like Spring and Struts. Hadn't thought of those cases. OTOH, if I were implementing a shopping cart, I'd write a special Currency class and there probably use Float.parseFloat() rather than Double.parseDouble() [unless I were a bank or otherwise had to compute interest], and hopefully Float does not have similar issues.

-kevin
--
Kevin W. Wall 614.215.4788
Qwest Risk Management / Information Security Team
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents."
-- Nathaniel Borenstein, co-creator of MIME
________________________________________
From: Chris Schmidt [chrisisbeef () gmail com]
Sent: Tuesday, February 15, 2011 12:06 AM
To: Wall, Kevin
Cc: Jim Manico; Rafal Los; sc-l () securecoding org
Subject: Re: [SC-L] Java DOS