On Fri, 28 Jun 2013 17:04:51 -0400, John Gilmore wrote: >The elephant in the room is being studiously ignored. > Me?
>The crucial objection to C's nul-delimited strings of 'conceptually >unlimited' length has so far gone unmentioned here. They have been >the all but exclusive foci of security breaches, thousands of them, of >systems written in C/C++ and their dialects. > You have, in the past, deprecated "nanny languages", those which enforce compile time or run time validity constraints. Yet Wheeler is praising Pascal for so protecting against security breaches. It's as easy in C as in assembler to check for buffer overrun (and easier in both cases not to check; damn the consequences). C provides safer versions for many standard library functions: o instead of strcpy(), strncpy() o instead of strcat(), strncat() o instead of strcmp(), strncmp() o instead of sprintf(), snprintf() o instead of gets(), fgets() etc. Admittedly (I believe), the safer forms are newer, and old habits die hard. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
