▲ | mplanchard a day ago | |
The article didn’t claim that “last wins” is in and of itself an issue, but that the differences between who wins between parsers across services/languages can cause issues. Their position was that everyone should standardize on “last wins,” since that is the most common. | ||
▲ | securesaml a day ago | parent [-] | |
The correct conclusion is: https://news.ycombinator.com/item?id=44337330 The problem of trying to ensure that each parser behaves the same for all input is twofold: - JSON and XML specifications are complex, lots of quirks. So not feasible. - Does not solve the fundamental issue of the processing layer not using the same data that is verified in the verification layer. Note: the processing layer parses the original input bytes, while the verification layer verifies a struct that is parsed using another parser. Processed: Proc(input) Verified: VerifyingParser(input) |