Secure Coding mailing list archives
RE: How C# does fit the bill? (was: MISRA C)
From: "Tegels, Kent" <Kent.Tegels () hdrinc com>
Date: Fri, 02 Jan 2004 16:55:43 +0000
Well, here's my $0.02 USD on this.

C# is widely implemented on the Microsoft platform and is making in-roads elsewhere. It's been submitted to ECMA for consideration for "standardization." Personally I feel C# is still fairly young and will grow a lot over the next few years. In the next update to the .NET framework, C# finally gets generics, partial classes and a whole bunch of other tweaks. [http://download.microsoft.com/download/8/1/6/81682478-4018-48fe-9e5e-f87a44af3db9/SpecificationVer2.doc]

I can't really speak to how well designed of a language it is because that's a fairly selective standard. Perhaps Mr. Hejlsberg will speak to that more. It does what I need it to do without getting in the way, so I suppose it's fine in that sense.

C# seems as type-safe as you want it to be. For me, that's always a consideration so I make sure that my editors and so on are set up to require it or not compile. That's not to say you can't get yourself into configurations that lead to dubious type safety with the language and tools. So far, though, I've not really gotten bit by such things. Late binding is sometimes an issue, so we do have to dance around that if we want to enforce type-safety.

Is it really an Object-Oriented language? Again, I suppose that depends on how you define that "standard" and what you expect. No multiple inheritance in C#. That's probably a good thing, though.

In the final analysis, I suppose that C# is good enough for me to be productive in. It's much better in that sense than the "Tangled Triad" of MS C++, MFC and COM. It's easier to write "more secure" code in and it's much easier to write security-driven code in than what we've had before.

Thanks!
kt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Anderson
Sent: Thursday, January 01, 2004 6:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [SC-L] How C# does fit the bill? (was: MISRA C)
"David Crocker" <[EMAIL PROTECTED]> 12/31/03 3:17:09 PM >>>
DC> What I would like to see is a widely-implemented, well-designed,
DC> type-safe object-oriented language.
DC> Eiffel comes close but is not widely implemented or used. The
DC> present version of Ada (95) is a poor choice for serious O-O
DC> development. Maybe in future we will see a C++ subset based on
DC> extending the MISRA standard.

I would be interested to hear your thoughts (and anybody else's) on how well C# fits this criteria and does not. And where does it meet secure coding practices and where it fails. I'm not after a MS bashing thread (or flame wars) but an honest study and impression.

As several threads in the list have pointed out, good security and coding practices are not exclusively dependent on the language used but the programmer writing it. However, some languages do lend themselves to easier implementations than others (e.g. Java's sandbox approach).
From my limited use of it, I think it holds a lot of potential. I've been able to easily create database readers, edit forms, and even read binary files mixed with 8, 16, & 32-bit integers from 1985. This was possible because of the classes provided in the .NET Framework and the similarity of the language itself to C/C++/Java.

But, I'm sure many of you in the group have far more extensive experience than I. So what say you?

Oh, and Happy New Year ;)

--
Erik W. Anderson, GIS Analyst
Kitsap County GIS
614 Division St., MS-21
Port Orchard, WA 98366-4682
WWW: http://www.kitsapgov.com/gis/
E-mail: [EMAIL PROTECTED]
Voice: (360) 337-4443
FAX: (360) 337-4555