Murph - you're stuck in the 80s
The simplest programming statement of the lot is the GOTO. It is also the most dangerous because you can do *anything* with it. You can cross loops, functions, procedures, etc. and corrupt return stacks and so forth. That is why it is so dangerous - because it is *so* easy to use.

The harder thing is getting a programmer to be disciplined enough to use it correctly in all instances.


"I found it to be a fairly common opinion with many writers claiming that languages like Java (and therefore C#) make it easy to write safe code"

That should be *safer* code, not safe code.


"while cheerfully referring to the insecurity of things like pointer usage in C as if these were real language issues - which they're not"

Oh yes they are. The pointer is C's Achilles heel because, like the GOTO, there are no restrictions on what the programmer can do with it.


"C rely on binary executables generated by compilers that can themselves introduce dangerous generalisations"

Faulty compilers are a risk for any language


"What makes a Java application harder to attack isn't a language intrinsic but the addition of a software layer; or sand box"

Wrong again Murph. What makes Java harder to attack than C is the fact that the code generates fewer vulnerabilities. The lack of pointers in Java, the lack of the GOTO statement, the use of classes and libraries of proven code, the enforcement of try...catch blocks - these are what make Java's code safer than C's code.

C's standard library functions are vulnerable to buffer overflow attacks, particularly something as innocuous as strcpy. It's only copying a string - and it's dangerous! The fact that Java stops you "falling off the end" of a string eliminates a whole raft of possible errors.
Posted by: bportlock   Posted on: 06/25/07
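
The strcpy point in the post above, as an added example that is not part of the original post: strcpy writes as many bytes as the source holds, while a copy that is told the destination size can refuse the input instead of "falling off the end". The names `checked_copy`, `struct record` and `demo` are hypothetical and the inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libc function): copy src into dst only if it
 * fits, terminating NUL included. Returns 0 on success, ERANGE if src is
 * too long (dst becomes the empty string), EINVAL on bad arguments. */
int checked_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* Inspect at most dstsize bytes of src, so an over-long or
     * unterminated source is never read or written past the limit. */
    const char *end = memchr(src, '\0', dstsize);
    if (end == NULL) {
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Constructed layout: an 8-byte name field followed by other data. */
struct record {
    char name[8];
    unsigned sentinel;
};

int demo(const char *input, struct record *r)
{
    r->sentinel = 0xC0FFEEu;
    /* strcpy(r->name, input) would write strlen(input) + 1 bytes no matter
     * how small name is; with long input that is undefined behaviour and
     * typically overwrites whatever follows the field. */
    return checked_copy(r->name, sizeof r->name, input);
}

int main(void)
{
    struct record r;
    int rc = demo("a-name-longer-than-eight-bytes", &r); /* constructed input */
    printf("rc=%d name=\"%s\" sentinel=%#x\n", rc, r.name, r.sentinel);
    return 0;
}
```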
