Re: [Passwordsafe-devel] Code docu, parameter validation, CMyString
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
Re: [Passwordsafe-devel] Code docu, parameter validation, CMyString
|
From: Rony S. <ro...@gm...> - 2007-03-16 19:56:37
|
Hi, Good questions, all. Here are my replies: - Doxygen is cool, and adding comments so that they can be parsed by it would be great. If you (or anyone) cares to write a "template" .h and .cpp file showing how to do this, that would help a lot. - Regarding parameter validation: The approach I like is that parameters that can be wrong due to programming errors should be checked by "ASSERT" statements. This is especially true for pointers that should never be NULL. parameters that can be bad due to user input or runtime errors (such as a file that failed ot open) should be checked in the non-debug version as well. In the example you described, I consider having CXMLprefs::Load() called with an invalid filename a programming error, which should be detected & prevented by higher levels. - CMyString started out as a wrapper/replacement for CString, with the main difference in that the destructor "wipes" the text that the object held, so as not to leave potentially sensitive data floating around in memory. The current convention is for CString to be used for insensitve data, and CMyString to be used otherwise. If I were to code the project from scratch today, I'd probably use std::string instead of CString, and define a SecureString class for sensitive text... Cheers, Rony -----Original Message----- From: pas...@li... [mailto:pas...@li...] On Behalf Of Steffen Ryll Sent: Tuesday, March 13, 2007 1:16 AM To: pas...@li... Subject: [Passwordsafe-devel] Code docu, parameter validation, CMyString -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, a few question for which I couldn't find answers: - - do you have any conventions for code documentation (e.g. descriptions what methods do and what their parameters mean)? Possibly an approach, that allows to generate HTML or similar out out comments strinkled over the code.. If not, what about using doxygen (http://www.stack.nl/~dimitri/doxygen)? It can generate HTML, PDF etc. from specially marked code comments, comparable to javadoc. If haven't chosen such a tool yet, I will write a config file for doxygen - - do you have any conventions/ a rule of thumb, where parameters should be validated and where we trust they are correct? I made some enhancements to the unit tests (not in svn yet) during the weekend and asked myself whether it makes sense to add validations. For instance, if you instantiate CXMLprefs with an empty or non-existent file name, the first Load() call asserts. Is this worth fixing or do we rely on parameter validation in higher-level classes? - - Is it correct that CMyString is intended as a wrapper around MFC's CString, in order to improve portability? This confuses me a little bit, because CString is used so often in other classes (I looked only into corelib). Cheers, Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF9d9FCAP6QscD9IERAth2AKCoMZC3JriAAA9IfUbZx6kTrBzSvgCglWAm 8rxjvTb7SV44zDl6YbUHPGc= =w0Rp -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Passwordsafe-devel mailing list Pas...@li... https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
