Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Scripting Languages and Secure Coding

From: "Tegels, Kent" <Kent.Tegels () hdrinc com>
Date: Thu, 04 Dec 2003 02:14:01 +0000
Too many people start through in programming and so are causing these

negative side effects (and that's just it)
<rant>
I don't feel that's unique to LAMP world, it's a serious cause of
concern for me on the COM-based ASP and ASP.NET side too. It seems like
the major problem for us (aside from running on Windows, let's not start
that, ok?) is that we -- as in the authoring and support community --
aren't doing a good or consistent job about talking about security from
the start. Its very easy and tempting to write "bad" demonstration code
that becomes imprinted on the newbies as a pattern. 

Granted, the CLR addresses some of security issues by default, but bad
design is still bad design. The easier you make it do things, the easier
you make it do things "wrong."
</rant>

Thanks!
kt

[Ed. <moderate>Please do NOT turn this into a "my operating system is
better than yours" thread. Let's keep to the topic of securely developing
software. Discussing language/OS features is fine, but don't go down
that very slipper slope, please.</moderate>]
Previous By Date Next
Previous By Thread Next

Current thread: