The Science of Insecurity: https://media.ccc.de/v/28c3-4763-en-the_science_of_insecurity#t=0
An amazing talk, but I don't understand this part: first they tell that delimiters are insecure because of injections, then they go on to tell that delimiters are actually more (and provable) secure than length fields.
It seems that length fields make protocols somehow turing complete, or something, but I really don't understand that.
Can someone explain that to me?
@BartG95 length prefixes are often the only possible things for efficiency in hardware (where ram is low) or stream processing. You will find TLV (type, length, value) everywhere. From video/audio/image compression formats (png, mp4/mov container, h264) to modern protocols like apple homekit. With a length prefix you can start parsing your data as it streams in without waiting to find the delimiter to backtrack from there to allocate your processing memory.
@BartG95 From a developer standpoint i find it easier too: you can actually build tools that only extract the chunks pretty easily without knowing the complete grammar (think framing vs parsing)
Primarily my private instance, but if you like the URL create an account. This instance is targeted at makers and software developers.