-
Notifications
You must be signed in to change notification settings - Fork 4
/
notes.txt
59 lines (52 loc) · 2.69 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
goal:
Create a C++ library that can be used for accessing an NTLM protected webpage.
The main purpose of this project is to be educational.
todo:
- reconsider the "\nname"... style
- replace msgtype with msg_type
- consider moving security_buffer into separate header file
- consider using use "at" instead of "i" as loop variable
- replace pwdhash with password_hash
- usage of pal.hpp sucks, improve it somehow
- write a clean posix based democlient
- make calculate nt response look as good as calculate_lm_response()
- clean up on reinterpret_cast
- do proper size calculation of b64str in as_base64_encoded_string()
- rename NTLM_PWDHASH_LEN with NTLM_PWDHASH_SIZE
- get rid of #define of constants
- do not convert challenge into uint64 and back into std::vector<uint8_t>
- enable command-line options to democlient
- make democlient read both unprotected stuff (eg public.txt) and protected stuff
- fix unit test for Test3_message
- proper error checking in T3 marshalling
known issues:
- the code assumes that sizeof(uint8_t) == sizeof(char), should this be asserted or compensated for?
- Not sure if std::size_t should be used for indexing small arrays... maybe int is better
- uint8_t and stdint.h is not really a part of C++98, it came with C99
ISSUES in NDC talk:
base classes should have virtual destructors
header files should have header guards
make sure you include the proper header files
no need to include files included by the base class declaration
no need to repeat the virtual specifier when overriding a method
single argument constructors should be specified as explicit
focus on usage of class; public section first, then private section
always focus on readability, you spend more time reading code than writing it
importing a namespace in implementation files is usually not a good idea
"never" import a namespace in a header file
initialize objects properly, use the initialization list
prefer std::size_t when working with memory indexing and offsets
for non-trivial objects, prefer pass by const over pass by copy
query methods should be specified as const
order the include files like this; own, project/platform, standard
avoid magic numbers, use explaination variables
avoid superfluous use of ()
prefer forward declarations when you can
do not use explicit on multi argument constructors
consider explainability, don't do things that needs elaborate explainations
avoid default arguments (they are often not used anyway)
do not throw pointers to exceptions (eg, not "throw new ...")
treat warnings like errors (-Werror) and compile with -Wall and -Wextra
consider using -Weffc++ and -pedantic as well
do not mess with borrowed things
always consider the sideeffects of what you do