tito via Dng said on Tue, 1 Feb 2022 13:49:30 +0100 >On Tue, 1 Feb 2022 09:50:31 +0100 >Didier Kryn <k...@in2p3.fr> wrote: > >> Le 31/01/2022 à 19:16, Steve Litt a écrit : >> >> Writing a self-daemonizing daemon in C was a routine when I >> >> was still active, though I understand it could be more difficult >> >> in shell. >> > But more difficult in Python. I try to stay away from C if Python >> > does the job. I think Python3 plus its standard libraries are more >> > secure than C code written by the error prone Steve Litt. >> >> Let me generalize: "I think Python3 plus its standard libraries >> are more secure than C code written by an error prone human being." >> (~: > >You made my day ;-) ... and Python is written in which programming >language?
This is my point exactly. The C in Python was written by much more careful and security aware programmers than I, checked by thousands. This is why you almost never hear of security flaws or bugs in Python3. Although made from C, Python3 has no pointers and has infinitly expandable arrays and dictionaries, so no pointer exploits, no errant pointers, no ininitialized pointers, and no buffer overflows. They pull off RAM from the stack and the heap in the right way, and have garbage collection, so memory leaks and the like are unlikely to occur by accident. I can screw up a Python program in many ways, but assuming I cleanse my inputs, few of those ways are a security risk. In the hands of anything but a very careful and security-knowledgeable programmer, writing Python3 is more secure than writing C. You could think of Python3 as C with seatbelts and airbags, and a heck of an inefficient transmission. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
