Don't catch it!

Dot your i's, cross your t's - but don't catch your exceptions. That's what is recommended if you are coding for Windows Vista.

Well, not exactly. There is an extremely interesting post on the recent ANI cursor handling security vulnerability here. It has a new take on catching exceptions. Catching an exception from a vulnerable snippet of code may nullify the protection provided by Vista's address space randomization, since the hacker may repeatedly try different input values without the process exiting.

Really interesting. The real question is.. how much attention do we really need to pay to this? Where do we draw the line between reliable code (one that catches exceptions) and secure code (one that doesn't). Is it too early to be worrying about this? I wonder.


Popular posts from this blog

Dark Fonts and Colors for light theme in VS 11

Laptop Surprises: Lenovo Yoga Slim 7i

Setting coordinates in Phaser where the body and the sprite are offset from each other