Richard Mirch wrote:

> Is there any specific reason why you are writing a simple CGI in c++? If
> it is for learning, then I can see the point but this can easily be done
> securely and efficiently in PERL or perhaps PHP (never had a chance to do
> this).

Whilst it's theoretically possible to write a secure CGI in Perl, it's a lot easier to get it right in a language such as C++ which:

a) doesn't make extensive use of "in-band signalling" (i.e. substitutions triggered by metacharacters),
b) has (reasonably) strong typing, and
c) tends to be legible.

Scripting languages such as Perl are useful for quick hacks, but security-wise, they truly suck. Scan the BugTraq archives for references to CGI programs; I would guess that around 90% of vulnerabilities are due to the above.

Also note that, with the use of a decent C++ "string" class, there's no reason why a program should be susceptible to buffer overruns.

--
Glynn Clements <glynn.clementsat_private>
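An added example, not part of the original post: a sketch of the two properties the message names, decoding a CGI parameter into a `std::string` (no fixed-size buffer) and passing it to a helper as a separate `execv()` argument so that shell metacharacters stay data. The `user` parameter and the helper path `/usr/local/bin/lookup` are hypothetical.

```cpp
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

// Percent-decode a CGI value into a std::string, which grows as needed, so
// there is no fixed-size buffer to overrun. Malformed escapes are rejected.
bool url_decode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '+') { out += ' '; continue; }
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;              // truncated escape
        unsigned char h = in[i + 1], l = in[i + 2];
        if (!std::isxdigit(h) || !std::isxdigit(l)) return false;
        int v = std::stoi(in.substr(i + 1, 2), nullptr, 16);
        if (v == 0) return false;                          // NUL would truncate argv
        out += static_cast<char>(v); i += 2;
    }
    return true;
}

// Find `key` in a query string such as "a=1&b=2" and decode its value.
bool query_param(const std::string& qs, const std::string& key, std::string& out) {
    for (std::size_t pos = 0; pos <= qs.size();) {
        std::size_t end = qs.find('&', pos);
        if (end == std::string::npos) end = qs.size();
        std::size_t eq = qs.find('=', pos);
        if (eq < end && qs.compare(pos, eq - pos, key) == 0)
            return url_decode(qs.substr(eq + 1, end - eq - 1), out);
        pos = end + 1;
    }
    return false;
}

// Build the argument vector for execv(): the value is one element of its own, so
// ; | ` $ and spaces are plain data; a shell command string would reinterpret them.
std::vector<std::string> build_argv(const std::string& qs) {
    std::string user;
    if (!query_param(qs, "user", user) || user.empty() || user[0] == '-')
        return {};                                         // reject; caller sends an error page
    return {"/usr/local/bin/lookup", user};                // hypothetical helper
}

int main() {
    const char* qs = std::getenv("QUERY_STRING");          // default below is a constructed sample
    for (const std::string& a : build_argv(qs ? qs : "user=alice%3B+id")) std::cout << "[" << a << "]\n";
}
```

A leading `-` is rejected because option parsing in the helper is another in-band channel; an empty vector means the request was refused.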
This archive was generated by hypermail 2b30 : Wed Jun 20 2001 - 17:42:49 PDT