On Tue, 2006-04-25 at 13:34 -0600, Monique Y. Mudama wrote:
> On 2006-04-22, Ron Johnson penned:
> > On Sat, 2006-04-22 at 09:42 -0600, Monique Y. Mudama wrote:
> >> On 2006-04-22, Ron Johnson penned:
> >> >
> >> > Unless you write with a secure language like COBOL.
> >>
> >> I'm sure it's possible to write an insecure program in COBOL.
> >
> > It would be darned hard.
> >
> > Strings are fixed length, the RTL chops off strings that are longer
> > than the variable's PICTURE clause, and space-fills strings that are
> > shorter than the PIC. Also, the RTL does array bounds checking, so
> > you can't smash the stack that way either. And it doesn't have
> > stupid \0-terminated strings.
> >
> > Face it: any language without malloc() is going to be much more
> > secure than C/C++ & Pascal.
>
> Sure, but I could write a program in COBOL and still load passwords
> from a plain text file stored with wide-open permissions, just for
> example.

That's willfully stupid programming. The COBOL run-time, though,
just "does away" with issues like stack smashing and corrupted heaps.

--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA

Remember when environmental doom-and-gloomers said that it would
take 10 years to put out the 750 post-GW1 oil fires? Yet they
were all out in 6 months. Remember when environmental
doom-and-gloomers said in ~1975 that the oil would run out in 50
years?
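
The fixed-length string behaviour described in the quoted message (values longer than the PICTURE length are chopped, shorter ones are space-filled, nothing is \0-terminated), modelled in C as an added example that is not part of the original thread. `pic_move` and `struct record` are hypothetical names, the input is constructed, and the sketch covers only the alphanumeric MOVE, not the run-time's array bounds checking.

```c
#include <stdio.h>
#include <string.h>

/* Emulates a COBOL alphanumeric MOVE into a PIC X(n) field:
 * left-justified, truncated on the right, space-filled, no NUL terminator. */
static void pic_move(char *field, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (len > n)
        len = n;                        /* excess source characters are dropped */
    memcpy(field, src, len);
    memset(field + len, ' ', n - len);  /* pad the remainder with spaces */
}

/* Hypothetical record: two adjacent fixed-width fields, like a COBOL group item. */
struct record {
    char name[8];   /* PIC X(8) */
    char role[5];   /* PIC X(5) */
};

/* Returns 1 if the neighbouring field survives an over-long MOVE into name. */
static int neighbour_intact_after_long_move(void)
{
    struct record r;
    pic_move(r.role, sizeof r.role, "user");
    /* Constructed over-long input; strcpy() here would run into r.role. */
    pic_move(r.name, sizeof r.name, "AAAAAAAAAAAAadmin");
    return memcmp(r.role, "user ", sizeof r.role) == 0
        && memcmp(r.name, "AAAAAAAA", sizeof r.name) == 0;
}

/* Returns 1 if a short value is padded with spaces to the field width. */
static int short_value_is_space_filled(void)
{
    char f[6];
    pic_move(f, sizeof f, "ab");
    return memcmp(f, "ab    ", sizeof f) == 0;
}

int main(void)
{
    printf("neighbour intact: %d\n", neighbour_intact_after_long_move());
    printf("space filled:     %d\n", short_value_is_space_filled());
    return 0;
}
```

Truncation keeps adjacent memory intact but silently changes the stored value, so input that must not be shortened still needs an explicit length check.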