Sunday, March 25, 2007
Cohen on Howard: Chapter 10
Chapter 10 presents issues in untrusted input and methods to check input for validity and safety.
Cohen:
You may not believe this, but the book fails to address sequential machine issues across the board and focuses entirely on combinatorics issues under stateless machine assumptions. This is not by intent, as there is no underlying model in the book. They just missed the basic notion that we are dealing with sequential machines. And of course asynchronous issues between communicating sequential machines never even hit their radar. We are told to check input validity by verifying syntax, but the use of redundant values on input to cross check validity is ignored. Input syntax is addressed, but semantics are ignored, and more particularly, we are not told how to build syntax filters that allow different syntactic elements based on previous inputs and program states.
Spot on. There are more advanced techniques that are better than what the book presents. One could nitpick that "they just missed the basic notion that we are dealing with sequential machines" and that they instead chose to present simpler techniques that are within the grasp of all computer programmers.
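The two techniques Cohen names, a syntax filter whose accepted grammar depends on program state and a cross-check of redundant input values, sketched as an added example that is not from the book or from Cohen. The line protocol, its commands and the names `GRAMMAR`, `StatefulFilter` and `run_session` are hypothetical, constructed for illustration.

```python
import re
import zlib

# Hypothetical line protocol (constructed for illustration):
#   HELLO <name> | AUTH <token> | DATA <len> <crc32-hex> <payload> | QUIT
# Each state maps a command to (syntax of its arguments, next state).
GRAMMAR = {
    "START":   {"HELLO": (r"[a-z]{1,16}", "GREETED")},
    "GREETED": {"AUTH": (r"[0-9a-f]{8}", "AUTHED"),
                "QUIT": (r"", "CLOSED")},
    "AUTHED":  {"DATA": (r"([0-9]{1,4}) ([0-9a-f]{8}) ([ -~]*)", "AUTHED"),
                "QUIT": (r"", "CLOSED")},
    "CLOSED":  {},
}


class StatefulFilter:
    """Accepts a line only if it is valid in the current state."""

    def __init__(self):
        self.state = "START"

    def accept(self, line):
        verb, _, args = line.partition(" ")
        rule = GRAMMAR[self.state].get(verb)
        if rule is None:
            return False, f"{verb!r} not allowed in state {self.state}"
        pattern, next_state = rule
        match = re.fullmatch(pattern, args)
        if match is None:
            return False, f"bad syntax for {verb}"
        if verb == "DATA" and not self._cross_check(*match.groups()):
            return False, "length/CRC disagree with payload"
        self.state = next_state  # state advances only on accepted input
        return True, "ok"

    @staticmethod
    def _cross_check(length, crc_hex, payload):
        # Redundant fields must agree with the payload they describe.
        data = payload.encode("ascii")
        return int(length) == len(data) and int(crc_hex, 16) == zlib.crc32(data)


def run_session(lines):
    """Feed lines through one filter; return the accept/reject decisions."""
    f = StatefulFilter()
    return [f.accept(line)[0] for line in lines]
```

A stateless syntax check would accept the same well-formed `DATA` line at any point in the session; here it is rejected before authentication and accepted after it.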