Re: OT: Re: Secure popen

From: Ben Ford (bfordat_private)
Date: Mon Jun 25 2001 - 02:58:45 PDT


    >>lots of people, especially beginners just happen to write CGI programs in
    >>perl and since they are not yet capable programmers, they write insecure
    >>code.  beginners don't write CGI programs in C++ because it is outside the
    >>capability of beginners to do so.  a skilled programmer will write quality
    >>code with either language.
    >>
    
    This argument is entirely false, as you would see if you thought about 
    it a bit.  
    
    You are saying that Perl is insecure because it is easier to write for 
    and there are more newbies using it . . .
    
    . . . so why don't these newbies ever learn?  If Perl is easier, it 
    should be easier to master, right?  And if you've mastered the language, 
    you should be able to program securely, right?  So if Perl is easier to 
    learn, then it should be more secure.  However . . .
    
    . . . C is harder to learn, so it stands to reason that more people will 
    make mistakes writing it, and therefore pump out insecure programs by 
    the bushel.  But not compared to Perl!
    
    Since real life is not what is shown by a simple logics experiment, 
    there must be other factors that are not taken into account.  Namely, 
    that Perl is cheesecloth when it comes to security.
    
    -b
    
    -- 
    So, make a real effort to avoid getting sucked into all the expensive
    lifestyle habits of typical Americans.  Because if you do that, then
    people with the money will dictate what you do with your life.
                    --Richard Stallman
    


