Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Username/Password NSE library
From: "Patrick Donnelly" <batrick.donnelly () gmail com>
Date: Wed, 25 Jun 2008 13:42:36 -0600

I just want to repeat what I said in reply to Thomas:

The performance difference between the two is almost negligible and
certainly will not impact anything. It has become more of an aesthetic
difference. If you have good reasons for not using the generic for
loop then by all means please don't :)

On Wed, Jun 25, 2008 at 1:11 PM, Kris Katterjohn <katterjohn () gmail com> wrote:
I have run into one problem which I didn't test last night: giving the library
a non-existent filename.  Rather than returning false and giving the caller an
error message like mine did, or returning the error message like I assume
yours is supposed to do[4], I get this rather nasty looking error message:

SCRIPT ENGINE: error while initializing script rules:
./nselib/unpwdb.lua:29: bad argument #1 to 'lines' (none: No such file or
directory)
stack traceback:
       [C]: in function 'lines'
       ./nselib/unpwdb.lua:29: in main chunk
       [C]: in function 'require'
       ./scripts/unpwdbtest.nse:7: in main chunk
       [C]: ?
       [C]: ?

This was just another design choice I added in. I don't feel the
try/catch mechanism is suitable for something like this. The act of
requiring the module (ex)(im)plicitly states a level of reliance. If
the module cannot get a database it can't do anything useful and
should therefore fail immediately.


But I don't think it should spew a bunch of crap on the screen when the script
can easily be told of the problem and it can return silently, or do whatever
else it thinks is appropriate (such as letting the user know of the problem).

Maybe a simple, one-line debug message can be printed from the library for
notification.

That sounds appropriate.

Cheers,

-- 
-Patrick Donnelly

"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."

-Will Durant

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]