[cap-talk] Midori in The Register

Rob Meijer capibara at xs4all.nl
Wed Aug 6 16:05:23 CDT 2008


On Wed, August 6, 2008 21:46, Jonathan S. Shapiro wrote:
> On Wed, 2008-08-06 at 20:34 +0100, Ben Laurie wrote:
>> OK. So you agree that
>>
>> "That is: managed code cannot guarantee security, but type-unsafe code
>> (which is not quite the same as unmanaged code) does guarantee the
>> absence of security."
>>
>> is incorrect.
>
> While the idiom you favor is useful, Apache is type-unsafe, because it
> lacks any automated means of checking and its mechanisms can therefore
> be bypassed.
>

So by this reasoning, if one were to write a program in C or C++, using
coding standards and constructs geared at type safety, and validate by way
of a code review that this code does not violate the coding standards, the
code would still be unsafe. But when someone manages to create some
-pedantic-typeunsafe-errors for gcc or g++ to do the checks the code review
did, the exact same source code would instantly be considered safe,
without a single line of code being changed?