you should have quoted your message as flame bait. or at least
subclassed it as such. :-)

Glynn Clements wrote:

> Richard Mirch wrote:
>
> > Is there any specific reason why you are writing a simple CGI in c++? If
> > it is for learning, then I can see the point but this can easily be done
> > securely and efficiently in PERL or perhaps PHP (never had a chance to do
> > this).
>
> Whilst it's theoretically possible to write a secure CGI in Perl, it's
> a lot easier to get it right in a language such as C++ which:
>
> a) doesn't make extensive use of "in-band signalling" (i.e.
> substitutions triggered by metacharacters),
>
> b) has (reasonably) strong typing, and

i can see why this makes a program more efficient, but not more secure.

> c) tends to be legible.

beauty is in the eye of the beholder. perl is much more legible to me
than c++, and i prefer c++ legibility to many other languages.

> Scripting languages such as Perl are useful for quick hacks, but
> security-wise, they truly suck. Scan the BugTraq archives for
> references to CGI programs; I would guess that around 90% of
> vulnerabilities are due to the above.

i don't think so. the majority of the program crashes in this world are
related to C/C++ and its use of pointers. it is very easy to write
secure perl programs. lots of people, especially beginners just happen
to write CGI programs in perl and since they are not yet capable
programmers, they write insecure code. beginners don't write CGI
programs in C++ because it is outside the capability of beginners to do
so. a skilled programmer will write quality code with either language.

> Also note that, with the use of a decent C++ "string" class, there's
> no reason why a program should be susceptible to buffer overruns.
>
> --
> Glynn Clements <glynn.clementsat_private>

--
___cliff rayman___cliffat_private___http://www.genwax.com/
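An added Perl illustration, not code from any poster in this thread, of the "in-band signalling" point raised above and of the argument-separated form that avoids it. The sample parameter values, the scratch directory and the helper names `two_arg_meaning` and `read_first_line` are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Constructed sample values standing in for a CGI "file" parameter.
my @samples = ('report.txt', 'notes-2001.txt', '>report.txt',
               'report.txt|', '../report.txt');

# Scratch directory holding one known file, so the example runs offline.
my $dir   = tempdir(CLEANUP => 1);
my $known = File::Spec->catfile($dir, 'report.txt');
open(my $out, '>', $known) or die "setup: $!";
print {$out} "quarterly numbers\n";
close($out);

# Two-argument open() takes its mode from the string itself: leading
# '>', '+<', '+>' or '|', or a trailing '|', change what the call does.
# That is in-band signalling. This only reports the interpretation of
# those common cases; it never performs a two-argument open.
sub two_arg_meaning {
    my ($name) = @_;
    return 'pipe to/from a command' if $name =~ /^\s*\|/ or $name =~ /\|\s*$/;
    return 'open for writing'       if $name =~ /^\s*(?:\+[<>]|>)/;
    return 'plain read';
}

# Hardened form: allowlist the name, then pass mode and path as separate
# arguments so no character in the data can select the mode.
sub read_first_line {
    my ($name) = @_;
    return unless $name =~ /\A([A-Za-z0-9_-]+\.txt)\z/;
    my $path = File::Spec->catfile($dir, $1);
    open(my $in, '<', $path) or return;
    my $line = <$in>;
    close($in);
    chomp $line if defined $line;
    return $line;
}

for my $name (@samples) {
    my $line = read_first_line($name);
    printf "%-18s two-arg open: %-24s hardened: %s\n",
        "'$name'", two_arg_meaning($name),
        defined $line ? "read '$line'" : 'rejected or missing';
}
```

Running CGI scripts with taint mode (`perl -T`) makes the allowlist match mandatory, because tainted data cannot reach `open` for writing or a command until it has passed through a regex capture.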
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:45:49 PDT