Vulnerability Development mailing list archives
Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)
From: Jonathan James <Jonathan () SECURITO SE>
Date: Thu, 28 Sep 2000 10:03:51 +0200
What you *still* haven't explained is HOW you do that. We both mentioned the usage of company/project guidelines on how to write (secure) code. Is this what you mean? Or do you simply mean to have routine revisions of design and have the code evaluated for quality assurance? (This is what is known as iterative development in fancy books [it has more names btw], and is standard in most development companies.) I mean, having the entire code "designed", and not just how modules and functions interact... Wouldn't this actually mean you have NO design, you kind of implement it directly?
What I mean is that the design phase includes structuring, modularization and interaction. This should be simulated by pseudo code. After passing this phase you start to implement the code.
As in the discussion of whether C is too hard or not for experienced programmers, isn't your code broken? :)
I didn't spend any time looking at the code. The example was there just to illustrate my point.

    #include <stdio.h>
    #include <string.h>

    int function(char *name)
    {
        char variable[5];

        strncpy(variable, name, 5);
        // (sizeof(variable)-1) instead of sizeof(variable) - NULL, \0, 0 ... whatever you want..
        variable[(sizeof(variable)-1)] = '\0';
        printf("Hello %s", variable);
        return 0;
    }

Jonathan
http://www.securito.se
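Added example, not part of the original post: the terminator-index point from the message above, shown with the same 5-byte buffer. The helper names bounded_copy, strncpy_left_unterminated and greet, and the sample names in main, are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity cap) and always terminate.
 * Returns 0 if src fit, 1 if it was truncated, -1 on bad arguments. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    strncpy(dst, src, cap);       /* writes no terminator when strlen(src) >= cap */
    if (dst[cap - 1] != '\0') {   /* last slot holds data, so src did not fit */
        dst[cap - 1] = '\0';      /* last valid index is cap - 1, never cap */
        return 1;
    }
    return 0;
}

/* Returns 1 if strncpy on its own left a 5-byte buffer without a terminator. */
int strncpy_left_unterminated(const char *src)
{
    char buf[5];
    strncpy(buf, src, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

/* The function from the post, reporting truncation instead of hiding it. */
int greet(const char *name, char *out, size_t outcap)
{
    char variable[5];
    int truncated = bounded_copy(variable, sizeof(variable), name);
    if (truncated < 0)
        return -1;
    snprintf(out, outcap, "Hello %s", variable);
    return truncated;
}

int main(void)
{
    const char *samples[] = { "Jon", "abcd", "abcde", "Jonathan" }; /* constructed inputs */
    char out[32];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int t = greet(samples[i], out, sizeof(out));
        printf("%-8s raw strncpy unterminated=%d truncated=%d -> \"%s\"\n",
               samples[i], strncpy_left_unterminated(samples[i]), t, out);
    }
    return 0;
}
```

A 5-byte buffer holds at most four characters plus the terminator, so a 5-character name is already truncated.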