Slashdot Mirror


Blame Bad Security on Sloppy Programming

CowboyRobot writes "ACM Queue has an article that blames security flaws on poor programming, rather than any inherent problems with particular languages. From the article: 'Remember Ada? ... we tried getting everyone to switch to a 'sandboxed' environment with Java in the late 1990s... Java worked so well, Microsoft responded with ActiveX, which bypasses security entirely by making it easy to blame the user for authorizing bad code to execute.'"

2 of 592 comments

  1. Especially True in PHP by Dozix007 · Score: 5, Informative

    The same is especially true in PHP. The short learning curve for getting started in the language allows for a great deal of insecure coding on the internet. I run a site that promotes secure programming, and is running a security challenge for writing scripts as well. The URL is http://www.uberhacker.com

  2. Re:They have by johnnyb · Score: 5, Informative

    Actually, you can continue to use C/C++ and just use a garbage collector with them. I don't know why more people don't do this. You don't even need to change your code, as Boehm's garbage collector translates malloc() to its own allocation routine, and free() does nothing.

    In fact, even better, if you have Boehm GC installed anywhere on your system you can do this for already compiled programs using LD_PRELOAD.

    Just do:

    export LD_PRELOAD=/path/to/libgc.so
    /path/to/program

    and I'm automagically using a garbage-collected runtime for the program, even if it was compiled to use the standard malloc()/free() calls.