On Sun, 4 May 2014 16:41:49 +0100
Chris Down <chris_AT_chrisdown.name> wrote:
> I'm not really interested in engaging in some Google soapboxing when we
> are discussing something entirely unrelated.
Nice pun, Chris.
I'm glad you are at least self-aware: The topic we are discussing is
completely unrelated to the security of your computer.
If you mess up your damn soap-config.h, you almost deserve to get your
bloody hard drive wiped.
I designed soap to handle user input safely in the manner of that the
person who configures the program knows what he is dealing with.
There's no denying you can exploit this being the one to configure the
program, if you intentionally circumvent the security measures provided
by it.
I would congratulate you on stating the obvious, if you wouldn't make
it appear as if soap was some bug-ridden, exploitable, insecure
program, which it definitely isn't.
Define irony: Discussing security-non-issues while using OpenSSL.
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Sun May 04 2014 - 18:07:48 CEST