Re: [SC-L] Integrated Dynamic and Static Scanning

2009-07-30 Thread Brad Andrews
While I completely agree with this statement, it is a much tougher sell to management that is seeking to keep the company making money (or perhaps even alive). I believe that having (and using) an imperfect tool is better than nothing, so I would at least push for that. Getting things

Re: [SC-L] Source or Binary

2009-07-30 Thread silky
On 7/30/09, Brad Andrews wrote: > > This is something where I have to watch my own mind. Figuring out a > binary in C++ is very difficult. The Java is not really a binary, at > least not in the "runs by itself" meaning. (Everything is (a) binary > in reality, including the file holding this ema

Re: [SC-L] Integrated Dynamic and Static Scanning

2009-07-30 Thread Brad Andrews
That is certainly true. I was just commenting on the issue of systems that work together tightly. None do now (as far as I know), but this should potentially allow that to happen. I did hear a few moans when this news came out, since IBM is not known for inexpensiveness from what I hear

Re: [SC-L] Integrated Dynamic and Static Scanning

2009-07-30 Thread Matt Fisher
Re. Whitehat: yes they have boxes, no they aren't required, yes they have people. I'm sure they'll expand when they return from Vegas. Re. Ounce: there's seriously no way to tell which way it will go. Some companies do really well at acquiring smaller companies and making them flourish, whi

Re: [SC-L] Source or Binary

2009-07-30 Thread Paco Hope
On 7/29/09 8:08 PM, "silky" wrote: > Of course it's a binary, it "runs by itself", when there is a java vm > to run it. Just like you need a win32 vm to run a typical .exe. You misunderstand the notion of virtual machines if you think of Win32 as a virtual machine. There is nothing "virtual" abo

Re: [SC-L] Source or Binary

2009-07-30 Thread Wall, Kevin
In a message dated July 30, 2009 10:09 AM EDT, Paco Hope wrote... > The Java Virtual Machine is a theoretical machine, and Java > code is compiled > down to Java bytecode that runs on this theoretical machine. > The Java VM is > the actual Windows EXE that runs on the real hardware. It reads these

Re: [SC-L] CERIAS : Beware SQL injections due to missing prepared statement support

2009-07-30 Thread Pascal Meunier
Actually it's not vulnerable because the strings are escaped first. My point is simply that using prepared statements would have been more robust than escaping strings on the client side. I'm sorry I didn't make that clear, I'll go edit my post now. Thanks! Pascal Kenneth Van Wyk wrote: > He

[SC-L] CERIAS : Beware SQL injections due to missing prepared statement support

2009-07-30 Thread Kenneth Van Wyk
Here's one for the daily UGH! Great points raised by Pascal Meunier (see below) about poorly implemented language support for Prepared Statement SQL calls. In particular, Python's pyPGSQL actually takes its prepared statement and translates internally to an old-style concatenated string qu
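
The two CERIAS messages above (Pascal Meunier's clarification and Kenneth Van Wyk's summary) turn on one point: a driver that implements "prepared statements" by escaping parameters on the client and splicing them into the query text is only as safe as the escaping function's match to the server's quoting rules, whereas real parameter binding never lets the value be parsed as SQL at all. The following is an added example, not code from either post and not pyPGSQL's implementation: it is a constructed toy emulation of the client-side pattern, run against Python's standard-library sqlite3 with constructed sample rows. The two escapers (`escape_backslash`, `escape_doubling`), the `users` table and the payload are all assumptions made up for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demonstration (not from the list post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def escape_backslash(value):
    """Hypothetical escaper in the backslash dialect (MySQL-style).

    Wrong for engines that follow standard SQL string syntax, such as SQLite
    or PostgreSQL with standard_conforming_strings=on, where a backslash
    inside a string literal is an ordinary character and only '' ends it.
    """
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def escape_doubling(value):
    """Hypothetical escaper in the standard-SQL dialect: double each quote."""
    return "'" + value.replace("'", "''") + "'"


def emulated_execute(conn, template, params, escaper):
    """Toy 'prepared statement' done the way the post describes: each
    parameter is escaped on the client and spliced into the SQL text, so the
    engine only ever sees one finished query string."""
    sql = template % tuple(escaper(p) for p in params)
    return conn.execute(sql).fetchall()


def bound_execute(conn, sql, params):
    """Real parameter binding: SQL text and values are handed to the engine
    separately, so the value is never tokenised as SQL in any dialect."""
    return conn.execute(sql, params).fetchall()


# Constructed attacker-controlled input.
PAYLOAD = "x' OR 1=1 --"


def run_comparison():
    """Run the same lookup three ways and return the rows each one yields."""
    conn = make_db()
    template = "SELECT name FROM users WHERE name = %s"
    results = {
        # Escaper dialect does not match the engine: the literal ends at \'
        # and the rest of the payload becomes live SQL.
        "escaped_wrong_dialect": emulated_execute(
            conn, template, (PAYLOAD,), escape_backslash),
        # Escaper matches the engine: safe, but only because the two agree.
        "escaped_right_dialect": emulated_execute(
            conn, template, (PAYLOAD,), escape_doubling),
        # Binding: safe regardless of what quoting rules the payload targets.
        "bound": bound_execute(
            conn, "SELECT name FROM users WHERE name = ?", (PAYLOAD,)),
    }
    return results


if __name__ == "__main__":
    for label, rows in run_comparison().items():
        print(f"{label:24s} -> {rows}")
```

The mismatched escaper returns every row, the matching escaper returns nothing, and the bound query returns nothing. The point is not that escaping cannot be done correctly, but that its correctness is a property of the driver/server pairing and of server settings the application does not control, which is the robustness gap Pascal's message is getting at.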

[SC-L] Static Vs. Binary

2009-07-30 Thread John Steven
Something occurred to me last night as I pondered where this discussion's tendrils are taking us. A point I only made implicitly is this: The question wrote: > All, > > The question of "Is my answer going to be high-enough resolution to support > manual review?" or "...to support a developer fi

Re: [SC-L] Static Vs. Binary

2009-07-30 Thread Pravir Chandra
First, I generally agree that there are many factors that make the true and factual fidelity of static analysis really REALLY difficult. However, I submit that by debating this point, you're belaboring the correct angle of survivable Neptunian atmospheric entry with people that don't generally

Re: [SC-L] Static Vs. Binary

2009-07-30 Thread Kenneth Van Wyk
On Jul 30, 2009, at 10:57 PM, Pravir Chandra wrote: First, I generally agree that there are many factors that make the true and factual fidelity of static analysis really REALLY difficult. All good points, to be sure. I'm a pragmatist, perhaps at times to a fault. Let's not overlook in thi