Re: Request for comments

Paul, What a wonderful module to bring some order to all this mess. I am just wondering looking at the .xs, do you really want to croak on those failures? Update: Indeed I see your intention : " This makes it difficult for a careless program to continue to operate after it has failed to successfully manipulate its privileges, and potentially perform undesirable operations." - from a security POV very nice, from a robustness angle no no! Tricky call, since robustness and security are desirable.

Comment on Re: Request for comments - Proc::UID

Replies are listed 'Best First'.

Re^2: Request for comments - Proc::UID
by pjf (Curate) on Jun 08, 2004 at 01:17 UTC

Thank-you for the encouraging feedback. It's very much appreciated.

My view on exceptions versus return values is that they provide the same information, but with different default actions:

When communicating success or failure using a return value, the 'default action' is to ignore the failure.
When communicating success or failure using exceptions, the 'default action' is to abort the program.

We commonly convert between return values and exceptions, with eval {} and or die "..." being the most commonly seen transformations.

Given that any manipulation of privileges implies that work is being done in a security sensitive context, I feel that the only sensible course of action is to throw an exception should an operation fail. A program that wishes to handle such an event can easily catch the exception and do so.

The croaks in the XS code definitely need to be standardised to more easily allow for exception handling to occur, and it's my intention to have this done and the exceptions well documented before the module is released in a more stable form.

Many thanks again for the feedback,

Paul Fenwick
Perl Training Australia

[reply]


"be consistent"
	PerlMonks

Re: Request for comments - Proc::UID