On 2006-04-22, Ron Johnson penned: > On Sat, 2006-04-22 at 09:42 -0600, Monique Y. Mudama wrote: >> On 2006-04-22, Ron Johnson penned: >> > >> > Unless you write with a secure language like COBOL. >> >> I'm sure it's possible to write an insecure program in COBOL. > > It would be darned hard. > > Strings are fixed length, the RTL chops off strings that are longer > than the variable's PICTURE clause, and space-fills strings that are > shorter than the PIC. Also, the RTL does array bounds checking, so > you can't smash the stack that way either. And it doesn't have > stupid \0-terminated strings. > > Face it: any language without malloc() is going to be much more > secure that C/C++ & Pascal.
Sure, but I could write a program in COBOL and still load passwords from a plain text file stored with wide-open permissions, just for example. -- monique Help us help you: http://www.catb.org/~esr/faqs/smart-questions.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
