top | item 33694881 (no title) ralphb | 3 years ago I'm confused and very far from an expert here. What is wrong with parsers, and what is the alternative? discuss order hn newest jcims|3 years ago A specific class of parsers>parsers for untrusted input in C lazide|3 years ago Pretty much all input is untrusted unless it originated (exclusively!) from something with more permissions that is trustworthy.The kernel is written in C.So that pretty much means all parsers written in C and every other language should consider all input untrustworthy, no? load replies (1) thaumasiotes|3 years ago That didn't answer anything. If you want to do anything with your input, you have to run it through a parser. Doesn't matter if it's untrusted or not. Your only options are ignoring the input, echoing it somewhere, or parsing it. load replies (2)
jcims|3 years ago A specific class of parsers>parsers for untrusted input in C lazide|3 years ago Pretty much all input is untrusted unless it originated (exclusively!) from something with more permissions that is trustworthy.The kernel is written in C.So that pretty much means all parsers written in C and every other language should consider all input untrustworthy, no? load replies (1) thaumasiotes|3 years ago That didn't answer anything. If you want to do anything with your input, you have to run it through a parser. Doesn't matter if it's untrusted or not. Your only options are ignoring the input, echoing it somewhere, or parsing it. load replies (2)
lazide|3 years ago Pretty much all input is untrusted unless it originated (exclusively!) from something with more permissions that is trustworthy.The kernel is written in C.So that pretty much means all parsers written in C and every other language should consider all input untrustworthy, no? load replies (1)
thaumasiotes|3 years ago That didn't answer anything. If you want to do anything with your input, you have to run it through a parser. Doesn't matter if it's untrusted or not. Your only options are ignoring the input, echoing it somewhere, or parsing it. load replies (2)
jcims|3 years ago
>parsers for untrusted input in C
lazide|3 years ago
The kernel is written in C.
So that pretty much means all parsers written in C and every other language should consider all input untrustworthy, no?
thaumasiotes|3 years ago