undefined | Better HN

0 pointsmatheusmoreira5y ago0 comments

> Where each one of those "parse" and "serialise" steps is unique and special, inflexible, and poorly documented.

This can also be a security concern. According to research, a great number of defects with security implications occur at the input handling layers:

0 comments

JdeBP5y ago

Famously, "avoid parsing" was one of the qmail security principles (q.v.).

The maintainer apparently has no transport security concerns. It takes literally two minutes to set up TLS these days

j / k navigate · click thread line to collapse

0 pointsmatheusmoreira5y ago0 comments

> Where each one of those "parse" and "serialise" steps is unique and special, inflexible, and poorly documented.

This can also be a security concern. According to research, a great number of defects with security implications occur at the input handling layers:

JdeBP5y ago

Famously, "avoid parsing" was one of the qmail security principles (q.v.).

The maintainer apparently has no transport security concerns. It takes literally two minutes to set up TLS these days

j / k navigate · click thread line to collapse