Bugtraq mailing list archives

Re: at the risk of another flamefest..


From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Mon, 15 Jul 1996 17:15:57 -0400


Personally, I would say that the security bugs that seem to be
popping up lately are a combination of Language of Choice and Bad
Programming.

Eric Clapton had a hit song in the '80s whose lyrics went, "It's in
the way that you use it."  One thing I've already learned about C++ and perl
programming (lessons which I started on my own a couple of weeks ago)
is that you have to know when to and when NOT to use bounds checking, as well
as how much overflow buffer checking to perform.  If some perl source code
that I've seen had only checked for buffers with this simple code:

#!/usr/bin/perl
# (Naturally, convert the sample perl code to C{++})

$bufferchar = 255;                      # largest line we are willing to hold
while ($line = <>) {                    # read one line at a time
        if (length($line) >= $bufferchar) {     # numeric compare of the line length
                die "Buffer overflow -- program terminated. $!\n";
        }
        else {
                # [...]
        }
}

then you wouldn't have the overflowed buffer --> root shell
holes that I'm constantly reading about.  Naturally, if it's technically
feasible, you must use the language you *know* better than the language
you want to show off your programming skills with.  This way you don't
accidentally introduce any overflowed buffer --> root shell holes
in your code.

Thanks and forgive my ranting...


--
              Eugene Bradley | finger me for my PGP public key
                       webmaster of misery.winter.org
    PGP Fingerprint = 55 70 DE 84 FE E1 3D 50  7F C2 88 22 30 8C 81 9E
   <http://www.armory.com/~ebradley> Eugene's W^3 Duckpond
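The post suggests carrying its perl length check over to C. As an added example (not code from the post or its author), here is that check in C, with names of our own (copy_line_checked, check_stream, demo): a line that would not fit the fixed buffer is rejected before anything is copied, which is the point the post makes about knowing where the bounds check has to go.

```c
/* Added example, not from the original post: the perl length check
 * carried over to C, as the post suggests.  Function names are ours. */
#include <stdio.h>
#include <string.h>

#define BUFFERCHAR 255                 /* same limit as the perl sample */

/* Copy one line into dst only if it fits.  Returns 0 on success, -1 if
 * the line is BUFFERCHAR bytes or longer or dst is too small to hold it. */
int copy_line_checked(char *dst, size_t dstsz, const char *line)
{
    size_t n = strlen(line);
    if (dstsz <= BUFFERCHAR || n >= BUFFERCHAR)
        return -1;                     /* would overflow: reject, copy nothing */
    memcpy(dst, line, n + 1);          /* n < BUFFERCHAR < dstsz, so it fits */
    return 0;
}

/* Read lines from fp into a fixed buffer; like the perl sample, stop at the
 * first over-long line (return -1), else return the number of lines read. */
int check_stream(FILE *fp)
{
    char raw[4096], buf[BUFFERCHAR + 1];
    int accepted = 0;
    while (fgets(raw, sizeof raw, fp) != NULL) {
        raw[strcspn(raw, "\n")] = '\0';  /* drop the trailing newline */
        if (copy_line_checked(buf, sizeof buf, raw) != 0)
            return -1;
        accepted++;
    }
    return accepted;
}

/* Self-check on constructed input: one line that fits, one that does not.
 * Returns 0 when both cases behave as intended. */
int demo(void)
{
    char buf[BUFFERCHAR + 1], longline[BUFFERCHAR + 10];
    memset(longline, 'A', sizeof longline - 1);   /* 264 bytes of 'A' */
    longline[sizeof longline - 1] = '\0';
    if (copy_line_checked(buf, sizeof buf, "a line that fits") != 0) return 1;
    if (copy_line_checked(buf, sizeof buf, longline) != -1) return 2;
    return 0;
}
```

check_stream(stdin) gives the same behaviour as the perl loop for a whole input stream.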
