Language wars have been with us since the earliest days of computing and we are obviously not going to resolve them here. It seems to me, though, that cryptographic tools could be used to improve the reliability and security of C++ by providing ways to manage risky usages.
I have in mind a modified development environment that detects dangerous programming instances like pointer arithmetic, assignments in "if" statements, C (as opposed to C++) strings, char array declarations, malloc's, etc. Methods where such usage is necessary would be signed by the author and one or more reviewers, with the signature embedded inside a special comment statement. The development environment would then check whether only approved usages are present and, if so, sign the executable file. Final versions of code would be built on trusted servers whose compilers could not be tampered with and whose private key is not accessible to the developers.

Implementing such an environment should not be difficult. No real language changes would be involved, beyond reserving a standardized comment prefix for signatures. Most programmers would only be able to employ safe objects and constructs. The few instances where dangerous usages were really needed would be limited, visible and require authorization.

Arnold Reinhold
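As an added illustration, not part of the post above: a Python sketch of the check the proposed environment would run before the build server signs an executable. It assumes a `// SIGNED:<signer>:<mac>` comment format, uses HMAC-SHA256 with per-signer keys as a stand-in for real signatures, and recognises risky constructs with regexes rather than the compiler's AST; all patterns, keys and sample source are constructed for the demo.

```python
import hashlib, hmac, re

# Constructed detectors for constructs the post names (assumption: a real tool would use
# the compiler's AST; pointer arithmetic is omitted since regexes cannot spot it reliably).
RISKY = {
    "C string function": re.compile(r"\b(strcpy|strcat|sprintf)\s*\("),
    "char array": re.compile(r"\bchar\s+\w+\s*\["),
    "malloc": re.compile(r"\bmalloc\s*\("),
    "assignment in if": re.compile(r"\bif\s*\(\s*\w+\s*=[^=]"),
}
SIG_RE = re.compile(r"^\s*//\s*SIGNED:(\w+):([0-9a-f]{64})\s*$")  # assumed comment format

def split_functions(source):
    """Yield (signature comments, function text) per top-level function, by brace counting."""
    lines, i, pending = source.splitlines(), 0, []
    while i < len(lines):
        if SIG_RE.match(lines[i]):
            pending.append(lines[i])
        elif "(" in lines[i] and "{" in lines[i]:  # crude "a function starts here" heuristic
            start, depth = i, lines[i].count("{") - lines[i].count("}")
            while depth > 0 and i + 1 < len(lines):
                i += 1
                depth += lines[i].count("{") - lines[i].count("}")
            yield pending, "\n".join(lines[start:i + 1])
            pending = []
        i += 1

def canonical(body):
    return re.sub(r"\s+", " ", body).strip().encode()  # whitespace-insensitive text the MAC covers
def sign(body, signer, key):
    # HMAC-SHA256 stands in for a real signature; a deployment would use asymmetric keys.
    return f"// SIGNED:{signer}:{hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}"

def audit(source, keys, required=2):
    """Return [(function header, risky findings, approved)] for each function in source."""
    report = []
    for sigs, body in split_functions(source):
        findings = sorted(name for name, pat in RISKY.items() if pat.search(body))
        expected = {who: hmac.new(k, canonical(body), hashlib.sha256).hexdigest() for who, k in keys.items()}
        valid = {who for who, mac in (SIG_RE.match(s).groups() for s in sigs)
                 if who in expected and hmac.compare_digest(mac, expected[who])}
        report.append((body.splitlines()[0], findings, not findings or len(valid) >= required))
    return report

def build_allowed(source, keys):
    return all(approved for _, _, approved in audit(source, keys))  # build server's go/no-go

KEYS = {"author": b"author-demo-key", "reviewer": b"reviewer-demo-key"}  # constructed keys
RISKY_FN = "void copy(char *dst, const char *src) {\n    char tmp[64];\n    strcpy(tmp, src);\n}"
SAMPLE = "\n".join([sign(RISKY_FN, "author", KEYS["author"]), sign(RISKY_FN, "reviewer", KEYS["reviewer"]),
                    RISKY_FN, "int safe(int a) {\n    return a + 1;\n}"])  # constructed source
```

Editing a signed method after review invalidates its MACs, so the audit rejects it until it is re-signed; an unsigned method is accepted only if it contains none of the flagged constructs.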