funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 17 Jul 2008 14:57:07 -0400

Harvard architecture, unlike von Neumann architecture, had a strict
separation of program and data store and representation.  It would have
been impossible for a program to modify its own or other executable
material.  Data was not executable, so SQL injection and XSS would have
been impossible.  (So would a lot of other things, but ...)

I'm not a real computer scientist, I just play one online, but this
isn't how I thought it worked. SQL isn't actually executable code, it's
just data that program code uses in order to decide what to execute. A
program in a Harvard architecture is capable of going "if x==1 then
do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it?

Things like buffer overflows would be impossible with a Harvard
architecture, but I don't see why SQL injection or Trojan horse programs
or many other malicious items would be any less likely.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com
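
Added example, not part of the original post: a sketch of the point argued above, that a program whose own instructions are never modified can still have its behaviour steered by data when it hands that data to a SQL interpreter as statement text. The table, function names and input string are constructed for illustration; the bytecode fingerprint stands in for "the program store was not written to".

```python
import hashlib
import sqlite3

def make_db():
    # Constructed sample data, in-memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def lookup_concat(db, owner):
    # Input is spliced into the statement text, so the SQL parser
    # treats whatever it contains as part of the statement.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Input is passed as a bound parameter: the statement text is fixed
    # and the value is only ever compared, never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def code_fingerprint(fn):
    # Hash of the function's compiled instructions.
    return hashlib.sha256(fn.__code__.co_code).hexdigest()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input, pure data
    before = code_fingerprint(lookup_concat)
    concat_rows = lookup_concat(db, crafted)
    bound_rows = lookup_bound(db, crafted)
    after = code_fingerprint(lookup_concat)
    return {
        "code_unchanged": before == after,  # no instruction was rewritten
        "concat_rows": concat_rows,         # every row: the data changed the query's meaning
        "bound_rows": bound_rows,           # no rows: nobody is named x' OR '1'='1
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The separation that stops this case is made at the query layer, by binding parameters, rather than in how the hardware stores instructions.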


