Ok -- I am by far NOT a programmer but I have been doing system administration for some time for software companies. From my experience it is the programmer not the language that makes a program what it is.
If the program is not secure or highly exploitable then that is a fault of the programmer not the language. Blaming C or C++ for not securing the code for you or providing you with to much power is ridiculous. That is like blaming a car manufacture because your car has to much horsepower and you were going to fast and hit poll. Programming is like driving - YOU are behind the wheel and in control. If you can not handle it try a 3 cyclinder car and basic HTML :) Michael. On Mon, 1 Dec 2003 09:58:33 -0600 (CST) Ron DuFresne <[EMAIL PROTECTED]> wrote: > On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote: > > > > > > Aren't such measures -- especially the former -- simply crutches > > > that effectively _encourage_ the continuation of poor (even > > > downright negligent) programming practices? > > > > Only to the extent that TCP wrappers and firewalls are simply > > crutches to effectively encourage the continuation of poor systems > > administration. > > > > > > Quite a flaw in logic there, I'm sure you meant; > > Only to the extent that TCP wrappers and firewalls are simply crutches > to effectively encourage the continuation of poor systems networking > protocols that already exist. > > > Being that the flaws are inherent to the network protocols in use. > Admins have long known how to lock a system down, and keep it that > way, remove all users and limit access and functionality. That tends > to make the system far less then useful. But, the core issue lies > with the networking protocools that are meant to make iintersystem > communications actually happen. There was no security within their > design, security was the lowest factor in the developers mind at the > time. And of course a rewrite of all that code and then pushing that > to the internet-citezenry at large would be fairly daunting eh? Look > how well the conversion from ssh1 to ssh2 has progressed... > > > Thanks, > > Ron DuFresne > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html