On 07-06-2012 00:04, J.Varghese wrote:
I'm sure most of you have heard of the recent increase in high-profile
hacking and security violations. The PlayStation Network,
RSA, LinkedIn (today), and thousands of lower-profile attacks.
The Flame trojan also marks the rise of highly sophisticated
state-sponsored cyberweapons.
I'm not a programmer, so can someone explain this to me: Will
programs and operating systems written in D be safer (I speak of
both memory safety and security bugs) than existing operating
systems written in C and C++? If so, what features and attributes
of D make this the case? How much safer is it? Would it be
possible to identify all the bugs in an OS written in D (within a
reasonable timeframe) or is that still a pipedream?
Thanks for replying. I have followed the development of D for a while. I
just want to know how much safer D is than other languages. Curiosity
and all that.
No programming language (today) can make cryptosystems more or less
mathematically secure. Nor can a programming language make your
business' IT infrastructure less susceptible to attacks (badly
configured firewalls, SQL injections, you name it).
What D *can* do, if you use the features that it gives you, is prevent a
set of common exploits in programs. For instance, D's slicing mechanism
for arrays is significantly more secure than raw operations on pointers
because an out-of-bounds read/write will cause the program to terminate.
So, buffer over-runs are not exploitable. Further, D has type-safe
variadic functions, so common printf exploits are impossible too. D also
prevents stack smashing (if you compile with GDC), but C has this
feature too.
So what D does is that it prevents small but common exploits in
programs. But that doesn't mean that your program is cryptographically
sound/secure, for example.
As always, It Depends (TM). :)
--
Alex Rønne Petersen
http://lycus.org
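
The two checks described in the reply above (bounds-checked slices and type-safe formatting), as an added example that is not part of the original thread. The helper name `copyInto` and all sample data are hypothetical; it assumes a build without `-boundscheck=off`.

```d
import core.exception : RangeError;
import std.format : format;
import std.stdio : writeln;

// Hypothetical helper: copy `src` into `dst` at `offset` using slices only.
// @safe forbids pointer arithmetic here and keeps the bounds check enabled
// even when the program is built with -release.
@safe void copyInto(ubyte[] dst, size_t offset, const(ubyte)[] src)
{
    // The slice bounds are checked before any byte is written.
    dst[offset .. offset + src.length] = src[];
}

void main()
{
    auto buf = new ubyte[](8);
    const(ubyte)[] payload = [1, 2, 3, 4, 5, 6]; // constructed sample data

    copyInto(buf, 0, payload);                   // 0 + 6 <= 8: fits
    assert(buf[0 .. 6] == payload);

    // 4 + 6 > 8: the runtime throws RangeError. Left uncaught it terminates
    // the program; it is caught here only so the demo can report it.
    bool stopped = false;
    try
    {
        copyInto(buf, 4, payload);
    }
    catch (RangeError e)
    {
        stopped = true;
    }
    assert(stopped);
    assert(buf[4] == 5 && buf[6] == 0 && buf[7] == 0); // buffer unchanged

    string hostile = "%s %s %s"; // constructed input containing format specifiers
    // Passed as an argument, the text is plain data and comes back unchanged.
    assert(format("%s", hostile) == hostile);
    // Passed as the format string, the missing arguments raise an exception
    // instead of being fetched from the stack as C's printf would do.
    bool rejected = false;
    try
    {
        auto unused = format(hostile);
    }
    catch (Exception e)
    {
        rejected = true;
    }
    assert(rejected);
    writeln("out-of-bounds write stopped: ", stopped,
            ", bad format string rejected: ", rejected);
}
```

With `-release`, the compiler drops array bounds checks in `@system` and `@trusted` code, so the slice check above survives only because `copyInto` is marked `@safe`.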