this post was submitted on 08 Jan 2025
821 points (98.1% liked)
Programmer Humor
19935 readers
3307 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
None of this has much to do with type safety at all. A dynamically typed language might have a Salt object that has a constructor that takes a base64 string. If its common uuid library doesn't output base64, then you can't use it directly.
Nor does a specific uuid library matter much. It just needs to be able to output base64 strings, which is an uncommon uuid encoding, but it's out there.
Nor does type safety prevent providing a sensible default implementation.
The crate uses phc strings, which store the salt together with the hashed password, so no, it can handle it all on its own.
There was just no thought into how components work together.
Why even bother with things like strings for a salt? I would expect it to just take a byte array. Just create some random bytes and provide that.
Yeah, that's my thinking, too. But the library only takes b64.
Edit: also, if anything, this system reduces the benefit of strong typing. You can feed whatever string you want into it and the compiler will say it's OK, even if it would fail at run time. If it were a
Vec<u8>
, then the compiler can check things. Especially if you do something to let the compiler enforce the length (if possible).Or hand over a UUID object directly. Yeah, it ties it to a specific library, but it's either that or you're not taking full advantage of strong typing.
Or just have a sensible default implementation.