funsec mailing list archives

Re: Texas Bank Dumps Antivirus for Whitelisting


From: Drsolly <drsollyp () drsolly com>
Date: Thu, 17 Jul 2008 23:20:33 +0100 (BST)

On Thu, 17 Jul 2008, Larry Seltzer wrote:

Harvard architecture, unlike von Neumann architecture, had a strict
separation of program and data store and representation.  It would have
been impossible for a program to modify its own or other executable
material.  Data was not executable, so SQL injection and XSS would have
been impossible.  (So would a lot of other things, but ...)

I'm not a real computer scientist, I just play one online, but this
isn't how I thought it worked. SQL isn't actually executable code, it's
just data that program code uses in order to decide what to execute. A
program in a Harvard architecture is capable of going "if x==1 then
do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it?

Things like buffer overflows would be impossible with a Harvard
architecture, but I don't see why SQL injection or Trojan horse programs
or many other malicious items would be any less likely.
 
What's the difference between bytes that are executable, and bytes that 
are used by the computer to decide what to do?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
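
An added example, not part of the original message or thread: it illustrates the question of "executable bytes" versus "bytes used to decide what to do" with SQLite. The table, the function names and the crafted input are constructed for illustration; the program's own bytecode is hashed before and after the call to show it is never modified, while the SQL interpreter still treats concatenated data as commands.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed sample data: two accounts in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250)])
    return db


def lookup_concat(db, owner):
    # Data is spliced into the SQL text, so the SQL parser decides
    # which bytes are commands and which are values.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, owner):
    # The statement text is fixed; the value travels in a separate channel
    # and is never parsed as SQL.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def code_fingerprint(func):
    """Hash of the function's compiled bytecode (the 'program store')."""
    return hashlib.sha256(func.__code__.co_code).hexdigest()


def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input, data only
    before = code_fingerprint(lookup_concat)
    leaked = lookup_concat(db, crafted)
    after = code_fingerprint(lookup_concat)
    safe = lookup_bound(db, crafted)
    return {
        "code_unchanged": before == after,
        "rows_from_concat": len(leaked),
        "rows_from_bound": len(safe),
    }


if __name__ == "__main__":
    print(demo())
```

The bound-parameter form is the software-level separation of program and data: the interpreter never parses the value, so it cannot change what the statement does.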

