On Thu, Feb 03, 2005 at 09:48:55AM +1000, Andy Gayton wrote:
> >On another note, I would suggest that you rewrite the checkpassword
> >program in C, so that Perl doesn't talk directly to the network.
>
> Peter, just wondering what you mean by this. I feel more confident
> using higher level languages which make it easier to avoid buffer
> overflows, and (not sure about perl, but with python) working with
> uninitialized variables.

Auditability. Perl is who-knows-how-many-(hundred?)-thousand lines of code, compared to a simple checkpassword program in C which may be a hundred or two, total. Yes, checkpassword (as any privileged program) is a sensitive piece of the system puzzle, but since it only has one very simple task, it can be audited faster and by more people with less effort.

//Peter
