Hacker News new | past | comments | ask | show | jobs | submit login

Close what security holes? If someone isn't escaping input they are still screwed if you ban dashes.

It's like suggesting we don't allow sql to store quotes so we can use quotes to enclose data.




It's harm reduction. Yes, everyone should be escaping input. Yes, everyone should be using "./.foo" instead of just ".foo". But people don't, and they're not going to start. If we ban leading dashes, we stop these bugs from turning into security vulnerabilities.

Your stance is like being against ASLR because developers just shouldn't have buffer overflow vulnerabilities in their code.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: