Monique Y. Mudama wrote: > On 2006-04-25, Ron Johnson penned: > >>On Tue, 2006-04-25 at 13:34 -0600, Monique Y. Mudama wrote: >> >>>Sure, but I could write a program in COBOL and still load passwords >>>from a plain text file stored with wide-open permissions, just for >>>example. >> >>That's willfully stupid programming. > > > People do stuff like that all the time. As I said, you can write an > insecure program in any language. >
I think you are twisting Ron's point. His original point was that some languages (like C/C++) make it possible to have hard to detect subtle faults that become security problems. Other languages (like COBOL) do away with those subtle issues. Essentially, you have to try and be determined to write something insecure. I think his discussion focused on strings, but it probably extends to other things as well. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
signature.asc
Description: OpenPGP digital signature