[kwlug-disc] Security arguments
unsolicited at swiz.ca
Sun Sep 27 13:42:20 EDT 2009
Raul Suarez wrote, On 09/23/2009 2:25 PM:
> I agree with Chris, for professional development, scripting has its
> place in the admin room, but not in the front facing applications.
> You can do it, some may even do it successfully but a solid
> compiled language will save you many headaches.
This all makes me remember, in a former life as a (QNX / On-Screen) C
programmer, how I was able to get them to buy lint for me. Given the
countless hours it saved me, I couldn't have imaged anyone not running
it - e.g. I don't know how many times it pointed out I was trying to
printf an int as a string, and vice versa. For each catch, there was a
compile, test, discover, correct, cycle prevented.
Strangely, I could never get the boss (the other C programmer) to use
it. Heck, he wouldn't use make. No matter how many times I showed him
how it caught things, even when debugging together. Never could get
him to run the debugger either, but ...
Lint is essentially an over-anxious c pre-processor. Is there not an
equivalent for these scripted languages? Let alone do not many
'compile' down to pseudo-code (intermediary language) wherein the
compiler checks these thread author's rave about are done?
For that matter, where are these scripting language's secure
programming guidelines and coding best practices, and why do these
scripting languages not enforce such?
And does the answer to that really explain why good security
programming practices are not followed more universally?
Finally, if scripting languages = bad (being over-simplistic here),
what are the equivalent ide / compiled languages, and why are they not
used more prevalently? If a scripting language can be learned /
More information about the kwlug-disc_kwlug.org