On Thu, 17 Jul 2008, Larry Seltzer wrote:
>
>> Harvard architecture, unlike von Neumann architecture, had a strict
>> separation of program and data store and representation. It would have
>> been impossible for a program to modify its own or other executable
>> material. Data was not executable, so SQL injection and XSS would have
>> been impossible. (So would a lot of other things, but ...)
>
> I'm not a real computer scientist, I just play one online, but this
> isn't how I thought it worked. SQL isn't actually executable code, it's
> just data that program code uses in order to decide what to execute. A
> program in a Harvard architecture is capable of going "if x==1 then
> do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it?
>
> Things like buffer overflows would be impossible with a Harvard
> architecture, but I don't see why SQL injection or Trojan horse programs
> or many other malicious items would be any less likely.

What's the difference between bytes that are executable, and bytes that are used by the computer to decide what to do?
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
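
Added example, not part of either message above: a small Python/sqlite3 sketch of the point under discussion, showing that input which is never executed by the CPU can still change what an interpreter does, and that the separation that matters is between query text and values. The table, names, secrets and the crafted string are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_concat(db, name):
    # Weak form: the input is spliced into the query text, so the SQL
    # parser treats part of it as syntax. No input byte is ever fetched
    # as a machine instruction; only SQLite's own code runs.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Corrected form: the query text is fixed and the input travels in a
    # separate channel as a bound value, so it can only ever be compared
    # against the name column.
    sql = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed input containing a quote and a condition that is always true.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concat, normal :", lookup_concat(db, "alice"))
    print("bound,  normal :", lookup_bound(db, "alice"))
    print("concat, crafted:", lookup_concat(db, CRAFTED))
    print("bound,  crafted:", lookup_bound(db, CRAFTED))
```

Both functions run on the same processor with the same memory protections; only the one that keeps the query text and the value apart at the interpreter level returns nothing for the crafted input.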