gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listin

From: Adrian Irving-Beer
Subject: Re: [Gnu-arch-users] Re: Tlacontrib contribution: Alternative to .listing files
Date: Thu, 23 Sep 2004 12:21:51 -0400
User-agent: Mutt/1.5.6+20040818i 
On Thu, Sep 23, 2004 at 10:41:01AM -0400, Aaron Bentley wrote:

> Okay, it's true that reducing the number of layers reduces the
> number of layers that may contain bugs.  But the more you write, the
> more bugs *you*'re likely to produce.  And scriping languages have
> already had many bugs fixed.
>
> A program written in a scripting language would be much shorter.

Yeah, that's why I meant my statements primarily for *super-short* C
programs.  I forgot about the hex decoding stuff, and also didn't have
a chance to look at the actual source -- I was just commenting on the
validity of the statement that scripting languages were, for all
purposes, safer than C.

If it came down to just the pseudo-code in the first message of the
thread, I think C would be (very marginally) more secure.  As soon as
hex decoding enters into it, trustworthy library code is worth its
weight in gold.

> This CGI program has its own built-in hex-string-to-integer decoder,
> even though the standard C facilities can do that, and are
> thoroughly tested.  The program may be safe, but it's so full of
> gotos and macros that I can't read it.

Right, and for that, a library or scripting language is fine.

> I say all this as the lead developer of a large CGI program
> written in C++.

Ironically, I say all this as someone who gets paid to write stuff in
Perl (fav) and PHP.

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]