Python secure?

Peter Hansen peter at engcorp.com
Mon Aug 16 23:11:39 EDT 2004


Reid Nichol wrote:

> Peter Hansen wrote:
>  > A given programmer will be more likely to create safe and
>  > secure software using Python than with C, thereby making
>  > C the less secure...
> 
> Quite frankly I find C a perfectly viable language to write secure code. 

You haven't really been programming for very long, I think.

> Its only failing is that people don't understand how to use it before 
> they type (which isn't exactly a failing of the language itself, but of 
> the person using it).  A perfect example of this is pointers.  

Ah pointers... wonderful pointers.  The fact that in C it is sometimes
necessary to resort to pointers pretty much illustrates the point (no
pun intended).

A pointer is a low-level detail of the machine architecture, and
requiring a programmer to manipulate it properly is a *failing*
of the language, not of the programmer.  Pointers are difficult,
and this can be shown either a priori or in the very large body
of empirical evidence which has formed as a result.

Your argument (and I don't intend to start a flame war about another
religious area) is tantamount to saying that the only failing of
guns is that people use them to kill other people...  (That argument
has merit, of course, but it sort of misses the whole point.)

> If people 
> wouldn't rush, if they took their time to learn what's actually going 
> on, they wouldn't make those mistakes.

Okay, fair enough... though still arguable.  But let's look at
reality: people do rush.  People don't take the time to learn
what's actually going on.  And even when they do, they are
only human, so sometimes they forget, or get confused, or just
get in a hurry, or in spite of all their best efforts they
still manage not to do it right.  Expecting programmers to
be perfect is unreasonable, and to achieve very secure code in
C one must expect to have perfect programmers.

> One cannot judge a language by its ability to allow sloppiness.  

Whyever not?  There's no inherent reason why one shouldn't do
exactly that.  Assembly, for example, is a terrible language
from which to expect secure, readable, maintainable programs,
largely because it is so low level that it is incredibly
difficult for the programmer to keep everything straight,
organized, and well-structured.  Impossible to keep well-structured
in fact, because it is inherently an unstructured language.

> Quite frankly, I've seen some crap
> Python code.  It's the programmer NOT the language.

Not quite: it's the programmer *and* the language.  But for
a given programmer, there are clear differences between two
languages in terms of how readable the resulting code will be,
not to mention how secure.

> I hope others see your clear bias towards Python as I have (One need 
> only to look at your descriptions to see it.).  

As if I ever tried to hide it... :-)

> Remember, there is no 
> one language that everything is good for.  Python, C, C++, Lisp, etc. all 
> have things that it is best to program in them.  It all depends on the 
> project's requirements.

All true...  but we _were_ talking about requirements involving
security and, for that, C is not as good as Python.  I think
your final statement is pretty close to agreeing with that,
unless you really want to go back now and argue against yourself,
that C is just as good as Python in that area, or perhaps even
better...  (in which case I'm quite curious what areas you
think Python, C++, and Lisp excel in compared to C.)

-Peter


