AT> ----- CYBER.CPP begins -----
AT> #include
52 lines elided!
AT> ----- CYBER.CPP ends -----
My example, using purely iostreams, was shorter. (-:
Not only that, but it was also, more importantly, ...
AT> char szName [512]; /* That should be lots large enough. */
AT> cin >> szName;
... safe from someone running the program with standard input redirected from
a file containing a line longer than 512 characters.
`istream::operator>>(char *)' is not a safe operator to use unless the input
stream can be guaranteed to conform to certain constraints, since it has no
means for preventing buffer overflow if the input data are arbitrarily long.
In situations where the contents of the input stream cannot be guaranteed,
such as in this case where the user is liable to type *anything* or redirect
the input of the program, then `getline' is by far the more preferable
choice.
The Internet Worm of 1987 depended upon just such a flaw in the `sendmail'
program: the programmer had used `gets' instead of `fgets', thereby allowing
the code of the program in memory to be overwritten by a suitably tailored
input stream. Even today, I'd estimate, from browsing various lists, that a
good 70% of the known security holes in mainstream systems and application
softwares are due to this sort of error. (One of the many Microsoft Internet
Explorer 4 flaws discovered recently, for example, is that it fails to limit
the length of the URL provided by a link to that of the buffer that is used
to hold it.)
» JdeBP «
--- FleetStreet 1.19 NR
---------------
* Origin: JdeBP's point, using Squish (2:440/4.3)
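The bounded read recommended in the message above, as an added example that is not code from the original post or from the elided CYBER.CPP. It reuses the quoted 512-byte `szName` buffer; the function name, the enum and the sample input are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

// Outcome of one bounded read. All names here are hypothetical.
enum class ReadResult { Ok, Truncated, EndOfInput };

// Read one line into buf[size] without ever writing past the buffer.
// An over-long line is cut at size-1 characters and the rest of it is
// discarded, so the next call starts cleanly on the following line.
ReadResult read_line_bounded(std::istream& in, char* buf, std::size_t size)
{
    if (size == 0) return ReadResult::EndOfInput;
    buf[0] = '\0';
    in.getline(buf, static_cast<std::streamsize>(size));

    if (in.good()) return ReadResult::Ok;         // whole line fitted
    if (in.bad()) return ReadResult::EndOfInput;  // unrecoverable I/O error
    if (in.eof())                                 // final line had no newline
        return in.gcount() > 0 ? ReadResult::Ok : ReadResult::EndOfInput;

    // failbit alone: size-1 characters were stored and the line continues.
    in.clear();
    in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
    return ReadResult::Truncated;
}

int main()
{
    // Constructed input standing in for redirected standard input:
    // a 2000-character line, then a normal one.
    std::istringstream input(std::string(2000, 'A') + "\nJane Doe\n");
    char szName[512];
    ReadResult r;
    while ((r = read_line_bounded(input, szName, sizeof szName))
           != ReadResult::EndOfInput) {
        std::cout << (r == ReadResult::Truncated ? "truncated: " : "ok: ")
                  << std::string(szName).size() << " characters kept\n";
    }
    return 0;
}
```

Reading into a `std::string` with `std::getline(std::cin, s)` removes the fixed buffer altogether; the version above is for code that must keep a `char` array.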