-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On May 20, 2004 08:30, s. keeling wrote:
> That's funny.  A guy I know who, in my crowd, is generally considered
> one of the best writes his CGI's in C specifically for security
> reasons. 

LOL. r-r-r-ight ... languages that require manual mem management (inc bounds 
checking on arrays and buffers) are SO much safer than those that don't. esp 
when the data coming in is predominantly user supplied over an untrusted 
network. i'd just LOVE to hear this fellow enumerate the "security 
advantages" of C over, say, Perl or PHP for CGI. would make for a good laugh 
over beer ...

i wonder if he's ever considered maintainability, including by others who may 
not be as skilled, clever or brash as he. i'd also be interested in how he 
tests his code; e.g. does he have an automated testing harness for his CGIs 
that provides 100% code coverage and which he runs regularly? of course, C 
programmers often spurn such unnecessary details. =/

> Bad or sloppy programmers can write bad or sloppy code in 
> any language.

it's like saying that since i'm really good with guns, i remove the safeties 
from the ones i own[1]. i mean, stupid or clumsy people can make a hole in 
their foot with any sufficiently heavy/sharp object, right? so what do i need 
with a gun safety if i'm not stupid or clumsy? oh. right. i'm *HUMAN*.

the machismo that turns "bad programmers write bad code, regardless of the 
language" into "i write in a language with maximum dangers because i'm not a 
bad programmer in my opinion" is EXACTLY what's wrong with so many Free/Open 
Source Software projects when it comes to security and other types of general 
sanity. it's a blatantly stupid way of thinking, one that keeps getting the 
community in general into trouble.

one of the hallmarks of a master is that they know their limits and know which 
tools are best for which job regardless of the machismo factor. your friend, 
no matter how good he can sling the code, is obviously no master.

i'm sorry to be so blunt and harsh, but such attitudes are the antithesis of 
the progress we so desperately need to make.

[1] i don't actually own any guns. =)

- -- 
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43
while (!horse()); cart();
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFArbpj1rcusafx20MRAhuYAJ46Pgr+cDIG+54WYcE30GKzsNlADgCfURzb
QD7fooYoOxv3+njmrvtNixE=
=oaKI
-----END PGP SIGNATURE-----
