On 19/08/2015 19:14, Edward Bartolo wrote:
> I am not assuming anything and understand the risks of buffer overflows. The first step I am taking is to make the code function. The second step is to further debug it until it behaves properly and the third step is to correct any potential security issues.
I'm sorry, but no, this is not how it works. The first step, as you say, is to make the code function, and that means *without* security issues in the design. You can't add security in the third step; security cannot be an afterthought, it has to be an integral part of the design. "Correcting potential security issues" may force you to change your API entirely, or rewrite significant portions of your code. This is often impractical, and you may miss some of the issues.
> As anyone can understand, projects, whatever they are, are not completed in one step.
Of course projects are not completed in one step. You submitted code for review, I gave you a review: this is part of the process, let's get on to the next step.
> As to studying other languages, here, you are NOT talking to a youth in his twenties or his teens, but to a 48-year-old. Learning a new language is a lengthy process and the ones I know are far more than enough for what I do.
I don't care what your age is, or where you live, or what gender you are, or anything else about you. I'm only looking at the code and saying what I think of the code. If you want to write in C, then please take my review into account: it may not be to your liking, but it is honest. Or use whatever other language you want: I won't know it well enough to review you, so I'll be off your back.

--
Laurent