by garry on 6/30/20, 3:46 PM with 1 comments
by ncmncm on 6/30/20, 4:05 PM
When a server or API is "tolerant", with multiple implementations of a protocol, it becomes difficult or even impossible to know if it will "tolerate" your new request by doing the wrong thing, instead of nothing. The API equivalent might be "tolerating" a null pointer by treating it as the empty string, instead of failing, preventing early detection of corrupted data structures.
This has made evolving, e.g., TLS very hard, and delayed security improvements by years.
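An added illustration of the comment above, not part of the original comment: a constructed toy key-value delete handler, written once tolerantly and once strictly, fed a request from a newer client and a request with a null field. The field names (`prefix`, `dry_run`), the handlers and the sample store are all hypothetical.

```python
# Constructed toy "server"; every name and field here is hypothetical.
KNOWN_FIELDS = {"op", "prefix"}

class ProtocolError(Exception):
    """Raised by the strict handler instead of guessing at intent."""

def _delete_matching(store, prefix):
    doomed = [k for k in store if k.startswith(prefix)]
    for k in doomed:
        del store[k]
    return doomed

def tolerant_delete(store, request):
    """Ignores unknown fields and coerces a None prefix to ''."""
    prefix = request.get("prefix") or ""   # None silently becomes ""
    return _delete_matching(store, prefix)  # "" matches every key

def strict_delete(store, request):
    """Rejects anything it does not fully understand; store is untouched."""
    unknown = set(request) - KNOWN_FIELDS
    if unknown:
        raise ProtocolError(f"unknown fields: {sorted(unknown)}")
    prefix = request.get("prefix")
    if not isinstance(prefix, str) or not prefix:
        raise ProtocolError("prefix must be a non-empty string")
    return _delete_matching(store, prefix)

def run(handler, request):
    """Apply one request to a fresh constructed store and report the outcome."""
    store = {"tmp/a": 1, "tmp/b": 2, "prod/db": 3}
    try:
        deleted = handler(store, request)
        return ("ok", sorted(deleted), sorted(store))
    except ProtocolError as exc:
        return ("rejected", str(exc), sorted(store))

# A newer client adds "dry_run"; a buggy client sends a None prefix.
NEW_CLIENT = {"op": "delete", "prefix": "tmp/", "dry_run": True}
CORRUPT = {"op": "delete", "prefix": None}

if __name__ == "__main__":
    for req in (NEW_CLIENT, CORRUPT):
        print("tolerant:", run(tolerant_delete, req))
        print("strict:  ", run(strict_delete, req))
```

The tolerant handler answers "ok" in both cases, so neither client learns that its dry run deleted data or that its null prefix wiped the store; the strict handler leaves the store intact and returns an error the client can act on.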