On Thu, 2005-11-10 at 18:45 +0200, Diego Iastrubni wrote: > Gilboa Davara wrote: > > >They are talking about code isolation and preventing code manipulation, > >while their framework devision has designed the hideous .NET framework > >that forces people to dynamically generate code just to read raw (?!?!) > >TCP (!!!) traffic. (The application devs around me use it to connect to > >the Linux part of the world...) > > > Didnt you ever program a TCP/IP application in perl...? ;-) > > Well, lets say Python, since you can store the compiled binary... >
I wrote maybe 1000 lines of perl code in my life... so I can't really comments on it. Never played with Python. (Though I intend to.) Never the less, at least to my untrained eye, automatically generating code based on network supplied input is like putting a huge sign on over-ones-head saying: "I'm an idiot! please screw me". At best, a malformed packet will crash the program. (Or the system, depending on the target server.) At worse, it'll make buffer overflow vulnerabilities look like kid's game. And this is the new "secure" Microsoft... Gilboa ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
