String Suggestions for Speed and Security
Dave Fetterman has put together an excellent set of recommendations for string comparison practices. Now I am really pleased by this because:
- these recommendations are going to help you to avoid some nasty security weaknesses that might otherwise plague you
- you get to use ordinal based comparisons more often and they are by far the fastest and cheapest
Speed and Security? Say it isn't so!
Comments
- Anonymous
July 05, 2005
Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration ...
- Anonymous
July 05, 2005
Unfortunately, the article doesn't address two major issues:
1) How does this impact the == operator for string comparison in C#?
2) Is it safe to switch on a string in C#?
- Anonymous
July 05, 2005
OK I don't have this memorized so I'm going to guess for fun then look it up later.
I'm pretty sure both == and the switch statement require exact equality in C#. So that would make them like the case sensitive ordinal compare.
Let's see how I do :)
- Anonymous
July 05, 2005
Looks like I'm right. The switch uses operator== which in turn uses the default String.Equals.
The article actually covers == in the discussion of String.Equals though it doesn't mention switch. All of this is easy enough to verify by looking at the IL.
String.Equals
Default interpretation: Ordinal
The String class's equality methods include the static Equals, the static operator ==, and the instance method Equals. All of these operate by default in an ordinal fashion. Using an overload explicitly stating the StringComparison type is still recommended, even if you desire an ordinal comparison; in this way, searching code for a certain string interpretation becomes easier.
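The behaviour discussed in the comments above, as an added example that is not part of the original post, the comments, or Dave Fetterman's article: ==, switch and an explicit StringComparison overload give the same answer in every culture, while a culture-sensitive, case-insensitive compare stops matching "file" against "FILE" once the current culture is tr-TR (Turkish casing pairs i with dotted İ). The scheme check, the method names and the sample input are hypothetical, and the program assumes a runtime with tr-TR culture data installed (not invariant-globalization mode).

```csharp
using System;
using System.Globalization;

static class StringComparisonDemo
{
    // Culture-sensitive, case-insensitive compare: this overload consults
    // CultureInfo.CurrentCulture, so its answer can change per machine or user.
    static bool IsFileSchemeCultural(string scheme) =>
        string.Compare(scheme, "FILE", ignoreCase: true) == 0;

    // Explicit ordinal compare: culture-independent, and the intent is
    // searchable in code review because the StringComparison value is spelled out.
    static bool IsFileSchemeOrdinal(string scheme) =>
        string.Equals(scheme, "FILE", StringComparison.OrdinalIgnoreCase);

    // switch on a string uses the same ordinal, case-sensitive equality as ==.
    static string Classify(string scheme)
    {
        switch (scheme)
        {
            case "file": return "local";
            case "http": return "remote";
            default:     return "unknown";
        }
    }

    static void Main()
    {
        string input = "file"; // constructed sample input

        foreach (string cultureName in new[] { "en-US", "tr-TR" })
        {
            CultureInfo.CurrentCulture = new CultureInfo(cultureName);

            Console.WriteLine(
                $"{cultureName}: cultural={IsFileSchemeCultural(input)} " +
                $"ordinalIgnoreCase={IsFileSchemeOrdinal(input)} " +
                $"operator=={(input == "FILE")} " +
                $"switch={Classify(input)}");
        }
    }
}
```

A block list or allow list built on the culture-sensitive form is the kind of check that behaves differently depending on the user's locale; the ordinal forms do not.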