Re: Secure Coding for Newbies?

[Alex Russell <alex () netWindows org>]

On Monday 28 October 2002 09:47, Michael R.Bagnall wrote:
> I really don't think that this list is the place to debate what is a
> "good" or a "bad" language for web applications. 

Hmm... I dissagree. The security posture you start with (i.e., the posture 
that the tools you choose grandfather to you) makes a hell of a lot of 
difference when it comes to producing a secure app. The less work that's 
needed to make an app secure, the better since it means there are fewer 
oppourtunities to screw up. Developers who want to write secure code need 
to face the fact that at some point they are beholden to the averages, and 
any tool that makes those averages better is a Good Thing (TM).

We can probably debate the feature-based merrits of languages until we are 
blue in the face, and I agree that wouldn't be a relevant discussion here. 
However, discussion of language choice WRT to how it impacts security is 
most assuredly on-topic.

A good craftsman will never blame his tools, but a good craftsman is also 
going to choose the tools that make his life better. Would you really trust 
a plumber that showed up and asked to borrow whatever wrenches you had 
laying around?

-- 
Alex Russell
alex () SecurePipe com
alex () netWindows org