>> Harvard architecture, unlike von Neumann architecture, had a strict separation of progrma and data store and representation. It would have been impossible for a program to modify its own or other executable material. Data was not executable, so SQL injection and XSS would have been impossible. (So would a lot of other things, but ...)
I'm not a real computer scientist, I just play one online, but this isn't how I thought it worked. SQL isn't actually executable code, it's just data that program code uses in order to decide what to execute. A program in a Harvard architecture is capable of going "if x==1 then do_this() else if x==2 then do_that(); etc(),etc(),etc()" - can't it? Things like buffer overflows would be impossible with a Harvard architecture, but I don't see why SQL injection or Trojan horse programs or many other malicious items would be any less likely. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
