Python secure?
Reid Nichol
rnichol_rrc at yahoo.com
Tue Aug 17 00:50:47 EDT 2004
Peter Hansen wrote:
> Reid Nichol wrote:
>
>> And because some M$ employee did something sloppy it is an implication
>> that C is bad. Hell, even strncpy can be dangerous. How many times
>> do I have to say the responsibility is the programmers, *not* the
>> language.
>
>
> The *responsibility* is clearly the programmer's, but the *language*
> tends to encourage or discourage certain kinds of programmer behaviour,
> including the writing of secure code.
>
> Surely you wouldn't argue that all languages promote different
> kinds of coding equally well, or even that the choice of language
> has *no impact whatsoever* on how a programmer will code, or what
> kinds of solutions he will attempt to use in his code?
>
> -Peter
Here, this programmer made a rookie mistake. (S)he clearly had no
business writing the code (s)he did. It isn't the languages fault, it's
the programmers.
In general, I believe that if the programmer is a poor programmer then
they'll find a way to mess up no matter what language they use. The
language will just state how big that mess up can/will be on average.
But, if someone wants secure programming done and they charge a rookie
to do it, they get what they deserve. If they want secure code and they
hire an years guru (at the language) coder that knows nothing of writing
*secure* code, they get what they deserve.
The ability to write secure programs is a rare talent and those that
need it, need to develop the ability to see this quality in there
employees (or the ability to find them). This isn't something that
anyone can pick up and learn, one must have something inside them that
enables them to do it. And all that evidence that was spoken of merely
supports the fact that it is a rare talent indeed.
More information about the Python-list
mailing list