Re: How to disable _SECURE_ATL macro
- From: "Holger Grund" <holger.grund@xxxxxxxxxxxxxxx>
- Date: Mon, 16 Jan 2006 18:57:40 +0100
"Bruno van Dooren" <bruno_nos_pam_van_dooren@xxxxxxxxxxx> wrote
>
>> However, there are places where you're typically perfectly aware
>> of the buffer size. For instance, deprecating memcpy in favor of
>> memcpy_s is a quite stupid motion, IMHO.
>
> the problem with memcpy is that if you are interacting with code that you
> didn't write
> yourself, you cannot be sure that using it is safe.
> in those cases it is better to always use memcpy_s because you have to
> verify with all external buffers anway.
>
I don't quite understand what you're trying to say. Memcpy's contract
clearly defines the size of the buffer accessed.
> unless we are talking about some piece of code where performance is
> critical, i would advise to use the new libaries because they are much
> safer, and in 99.9 % of the cases, the added CPU cycles are un-important.
>
I guess we are not talking about the same thing then. My main complaint
is about Secure SCL which most definitely is not "much safer".
Re memcpy_s et al.: What makes you believe that these functions are
much safer? Carrying the buffer size is tedious and I wouldn't be surprised
if folks just copied the buffer size to memcpy as the fourth paramter.
E.g.
memcpy( foo, bar, size );
becomes
memcpy_s( foo, bar, size, size );
There is obviously no value in this transformation.
Additionally, there are already superior solutions to this problem
by using C++ wrappers. E.g. std::string or std::valarray or any
of the standard containers.
> if performance really is critical then that could be a reason for using
> the un-safe functions, but that shouldn't be the default choice. security
> and stability issues are much more commonplace than performance issues for
> most (but not all) code.
>
I'm afraid I disagree. You don't just throw a switch at the compiler and
your program is magically secure. There is a lot of work involved that
will render your code slower, more complex and less portable. Deprecating
standard functions by default is an extrembly poor choice IMHO.
If you consider buffer management too hard, don't want to use a
managing wrapper and don't care about performance, working set etc.,
you'd probably be better off with another programming language.
Java & C# come to mind.
Obviously, this is a matter of philosophy and maybe personal taste.
However, I definitely do not concur with your initial statement
>of course, it would be MUCH better to port your code to use the new, secure
>functions because doing the things mentioned above will leave you open to
>lots of potential problems.
OTOH, that doesn't necessarily mean you should never use the secure
libraries. But that's what I've done and probably will in the future.
Just my two cents
-hg
.
- References:
- Re: How to disable _SECURE_ATL macro
- From: Bruno van Dooren
- Re: How to disable _SECURE_ATL macro
- From: Holger Grund
- Re: How to disable _SECURE_ATL macro
- From: Bruno van Dooren
- Re: How to disable _SECURE_ATL macro
- Prev by Date: Re: How to disable _SECURE_ATL macro
- Next by Date: Re: How to disable _SECURE_ATL macro
- Previous by thread: Re: How to disable _SECURE_ATL macro
- Next by thread: Re: How to disable _SECURE_ATL macro
- Index(es):
Relevant Pages
|
