Secure Coding mailing list archives
Re: Scripting Languages and Secure Coding
From: Bob Toxen <bob () verysecurelinux com>
Date: Fri, 05 Dec 2003 15:34:01 +0000
On Thu, Dec 04, 2003 at 04:26:37PM -0500, der Mouse wrote:
The C compiler and popular C library routines do not have bugs
If you think this you are deluding yourself. No body of code as large as either is bug-free.
I assumed it was understood that I meant KNOWN bugs. If neither the good guys or the bad guys know about a security bug (and are not likely to) it is not a security issue. Hence, a popular standard is the rate that significant security bugs are discovered.
When PHP has [...] I'll consider it safe for use. Unlike C and Apache, one does not HAVE to use PHP in their system.
One does not have to use Apache. (I don't, for example.) One does not have to use C, either, though I'm not an example; quite aside from people who simply don't compile stuff, there are other languages, even other compiled languages, most of them better than C for some tasks and goodness metrics.
I think that you are nitpicking my comments. I think that it is safe to say that most web servers (that don't use Windows) use C code in the system and use Apache. Can we move on to another topic?
/~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Bob
Current thread:
- Re: Scripting Languages and Secure Coding + code, (continued)
- Re: Scripting Languages and Secure Coding + code Jeremy Thibeaux (Dec 04)
- Re: Scripting Languages and Secure Coding + code Louis Solomon [SteelBytes] (Dec 05)
- Re: Scripting Languages and Secure Coding + code David M. Wilson (Dec 05)
- Re: Scripting Languages and Secure Coding + code Ghita Gh. Serban (Dec 05)
- Re: Scripting Languages and Secure Coding + code securecodingorg (Dec 04)
- Re: Scripting Languages and Secure Coding Jeremy Thibeaux (Dec 03)
- Re: Scripting Languages and Secure Coding Bob Toxen (Dec 04)
- Re: Scripting Languages and Secure Coding der Mouse (Dec 04)
- Re: Scripting Languages and Secure Coding Louis Solomon [SteelBytes] (Dec 05)
- Re: Scripting Languages and Secure Coding ljknews (Dec 06)
- Re: Scripting Languages and Secure Coding Bob Toxen (Dec 05)
- Re: Scripting Languages and Secure Coding Bob Toxen (Dec 04)