"I'm convinced my source is safe."

Maybe it makes me a beginner, but I'm not yet convinced my code is safe. Just as well as I'm not convinced my code is free from bugs.

I keep on looking for bugs and security holes in my code, and in my software design, even after it's been put in production. And yes, sometimes I do find things that require an urgent correction.

If that makes me a beginner, so be it.

Then you really don't even need an exception handler, do you? *Smiles*

The fact that an exception handler is triggered indicates that the software was caused to behave in a way which is not within normal bounds. While I can appreciate your point of view as someone who would like to help me fix the problem, there are just as many (or even more) people who would like to see how they can abuse this new found "feature" to comprimise my system. What you call debugging detail, the others half calls a roadmap.

I bet the developers of the first TCP/IP stacks (with predictable sequence numbers) thought their source was safe... until Kevin Mitnick abused it. I bet the developers of ICMP error messaging never thought it would be used to recon systems. I have to assume that the person on the other side of my system is smarter than me, more clever than me, and would like to comprimise my security.

Update for Juerd

"And exactly how did he abuse TCP/IP?"

The Mitnick attack was based on predicting sequence numbers... this is why most current TCP/IP stacks use non-predictable sequences.

Then you really don't even need an exception handler, do you? *Smiles*

Well, I do. Errors are often caused by external problems, like exceeded disk quotas, connection errors etc. Or null bytes inserted in my source with terrible harddisk crashes.

until Kevin Mitnick abused it.

And exactly how did he abuse TCP/IP? The same way criminals abuse roads to get away? Or are you one of the many people who just blame this Mitnick guy for everything that is a crack?

I bet the developers of ICMP error messaging never thought it would be used to recon systems.

It's not the protocol that lets people abuse, it's the implementation. That's because it's very simple to make mistakes in lower level languages (hence Perl's huge number of bugs :)

I have to assume that the person on the other side of my system is smarter than me, more clever than me, and would like to comprimise my security.

Even if he is and would, how could error messages help crack a well written Perl program?

U28geW91IGNhbiBhbGwgcm90MTMgY
W5kIHBhY2soKS4gQnV0IGRvIHlvdS
ByZWNvZ25pc2UgQmFzZTY0IHdoZW4
geW91IHNlZSBpdD8gIC0tIEp1ZXJk

I'm convinced my source is safe.

Well that must make you the only programmer in the world who has thought of every angle. Even with open source code with many years of use and review vulnerabilities still crop up.

There are many cliches but perhaps "Pride cometh before the fall" is the most appropriate.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print