Re: Postel's Law (Was Re: Inclusive terminology (instead of master/slave) for network bonding/LACP)
On Sat, Feb 24, 2024 at 07:44:44PM -0500, Jeffrey Walton wrote:
> On Sat, Feb 24, 2024 at 7:37 PM Andy Smith <andy@strugglers.net> wrote:
> >
> > [...]
> > Turning back more to protocol design, we have spent decades walking
> > back Postel's Law as we find more and more ways that being liberal
> > in what our software accepts is untenable in the face of a hostile
> > Internet.
>
> ++. Postel's Law is a disaster nowadays. It was fine back in the
> 1980's, but it is dangerous in the toxic environments of today.
>
> Here's what we teach our developers: Look for any reason you can to
> reject the data. If you can't find a reason, then begrudgingly perform
> the processing or transformation.
There is a difference between not doing validation (eg a field being numeric)
and flexibility (eg a line length being 100 bytes which is more than the
specified 80 bytes). This is what Postel is talking about.
Otherwise I completely agree: validate, validate, validate - if I accept your
bad data then it becomes my problem, if I reject it then you have to fix it.
Unfortunately people will complain if you do this "everyone accepts the data",
to which I reply "please tell me exactly what it means" - which should shut
them up.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
Reply to: