4 Replies - 4122 Views - Last Post: 29 February 2012 - 10:39 AM

#1 smohd  Icon User is offline

  • Critical Section
  • member icon


Reputation: 1820
  • View blog
  • Posts: 4,627
  • Joined: 14-March 10

[Link] .Net's Sort Is Not Secure

Posted 07 January 2012 - 06:50 PM

Today I see this page talking about .Net Array.Sort() weaknesses, what do you think about it:
http://zimbry.blogsp...ont-use-it.html

Summary

Quote

.Net's Array.Sort (up to at least version 4.0) has serious weaknesses:
1. It is insecure and using it makes you vulnerable to a malicious attacker
2. It is inflexible
3. It is slower than it should be even in the absence of an attacker


Is This A Good Question/Topic? 1
  • +

Replies To: [Link] .Net's Sort Is Not Secure

#2 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5932
  • View blog
  • Posts: 12,857
  • Joined: 16-October 07

Re: [Link] .Net's Sort Is Not Secure

Posted 08 January 2012 - 06:08 AM

I call bullshit.

Quote

2. It is inflexible. It does not allow you to provide a delegate for the swap function...

This is completely inaccurate. The sort has always taken some kind of delegate, at least as far back as .NET 2.0. So, considering 1/3 of the complaint is simply wrong, I rather suspect the rest.

Quote

1. It is insecure. ... It is easy to provoke quicksort's worst-case (quadratic) behavior and increase running times by multiple orders-of-magnitude...


So, why is it insecure? Because you can feed it worst case scenario data?!? Because the real world never has a worst case? This is followed by the assertion that worst case qualifies as some kind of attack, because it will tax the CPU...

Quote

3. It is slower than it should


This is kind of funny. You complain about the possibility of a system being overwhelmed by worst case. Then you complain it's not as fast as possible. Perhaps, if I were trying to avoid a worst case collapse, I'd put some extra guards in there? Not the fastest, but safer?

These three assertions are then followed by the poster's code that simply must be better than the code base. Why are there problems with sort? Because his code is better? Narcissistic wanker.
Was This Post Helpful? 3
  • +
  • -

#3 smohd  Icon User is offline

  • Critical Section
  • member icon


Reputation: 1820
  • View blog
  • Posts: 4,627
  • Joined: 14-March 10

Re: [Link] .Net's Sort Is Not Secure

Posted 08 January 2012 - 06:46 AM

That was I was thinking about, it looks like the article comes from those .NET hatters but didnt get away to disapprove it because I am not good in those Algorithm Computational analysis.

But baavgai, do you think that is way of someone to advertise his code??
And what do you think about the computation algorithm used in our Array.Sort()?

And thanks for the good explaination :)
Was This Post Helpful? 0
  • +
  • -

#4 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5932
  • View blog
  • Posts: 12,857
  • Joined: 16-October 07

Re: [Link] .Net's Sort Is Not Secure

Posted 08 January 2012 - 01:12 PM

Programmers can be arrogant buggers. This isn't an advertisement; simply chest thumping.

There is a difference between writing code that's broadly useful and code that is specifically useful. If a programmer starts with a specific case in mind and programs to it, they can usually beat the general code.

He provides his source code. With so much static it's painful and his test cases appear to be all ints. If you were inspired enough, you could run through the code and find cases where it's less than optimal. But what's the point? Just take it for what it is and move on.

If you're trying to sort half a billion data points in memory, you might wish to reconsider your approach, anyway. That's firmly in database territory.
Was This Post Helpful? 1
  • +
  • -

#5 sepp2k  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2153
  • View blog
  • Posts: 3,315
  • Joined: 21-June 11

Re: [Link] .Net's Sort Is Not Secure

Posted 29 February 2012 - 10:39 AM

Sorry, for resurrecting an 2 months old thread, but I just had to point something out:

View Postbaavgai, on 08 January 2012 - 02:08 PM, said:

Quote

2. It is inflexible. It does not allow you to provide a delegate for the swap function...

This is completely inaccurate. The sort has always taken some kind of delegate, at least as far back as .NET 2.0.


It has always taken a delegate for the comparison function, sure. But it certainly hasn't taken one for the swap function, which is what the author bemoans.

Whether or not that's a much-needed feature is debatable of course, but the author at least seems like he has a legitimate use case. So I suppose for his purposes at least sort is indeed not flexible enough.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1