# Sunday, February 13, 2011

I've written about "banned APIs" before - let's start with this link and if you read it, it has a link to a previous post, and go on and follow that link and it has a link to a previous post and so on and so on. To summarize, there are three ways to ensure you are not using banned APIs in your C++ app:

  • You can use the extension I blogged about. It highlights places in code you're editing or typing that calls a potentially unsafe function. That's great if you're typing fresh code,not so great if you just inherited a million lines of C++ and aren't sure if it's vulnerable to buffer overflow attacks.
  • You can compile with /W4, and deal with all the C4996 warnings (and use code analysis or code review or generally find the places that someone has suppressed that warning.)
  • You can include banned.h, which controls whether these unsafe functions are marked deprecated or not
None of that has changed. What I wanted to point out was a recent blog entry from the SDL team alerting us that banned.h has been updated, and I also spotted a video on TechNet (why a developer-focused thing is there I don't know) that shows it in action. If you write C++ code, you should be using one or more of these techniques.

Kate
Sunday, February 13, 2011 8:44:32 PM (Eastern Standard Time, UTC-05:00)  #