▲ | securesaml a day ago | |
The correct conclusion is: https://news.ycombinator.com/item?id=44337330 The problem of trying to ensure that each parser behaves the same for all input is twofold: - JSON and XML specifications are complex, lots of quirks. So not feasible. - Does not solve the fundamental issue of the processing layer not using the same data that is verified in the verification layer. Note: the processing layer parses the original input bytes, while the verification layer verifies a struct that is parsed using another parser. Processed: Proc(input) Verified: VerifyingParser(input) |