Re: [PHP-DEV] CVS Account Request
From: Zeev Suraski (zeev <email protected>)
Date: 11/15/00

At 02:26 16/11/2000, Jim Jagielski wrote:
>Zeev Suraski wrote:
> >
> > I don't think it's related, but there is a quality problem. It doesn't
> > come to say that PHP is of poor quality, but it does contain quite a few
> > very poorly written pieces of code, and many bugs. It doesn't mean we're
> > not doing a good job, but it does mean that there's still lots of work to
> > be done...
> >
> > This discussion was not (mainly) about code quality though, but about
> > security.
>
>Security can be compromised 2 ways: intentional nefarious code and
>poorly written or buggy code exploited. :)
>
>By definition, I think buffer exploits are due to poorly written code ;)
>
>*duck*

Hehe :)
You're right, security goes hand in hand with high quality code. It goes
back to what kind of QA we have. Functional QA is likely not to spot
buffer overflows, because buffer overflows usually result from the coder
assuming that the buffer would be big enough, and it usually is, unless you
try to exploit it intentionally.

Zeev

--
Zeev Suraski   <zeev <email protected>>
CTO, Zend Technologies Ltd.  http://www.zend.com/
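
The point made in the message above, that functional QA tends not to spot a buffer overflow, shown as an added example (not code from the original thread or from PHP). The buffer size `NAME_BUF`, the function names, and the sample inputs are assumptions constructed for illustration: the unchecked and checked copies are indistinguishable under a functional suite, and only a boundary test tells them apart.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32 /* assumed buffer size, chosen for this example */

typedef int (*store_fn)(char *dst, const char *src);

/* Coder assumes the buffer is big enough: defined only while
 * strlen(src) < NAME_BUF, undefined behaviour beyond that. */
int store_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
    return 0;
}

/* Same contract, but the length is verified before any byte is written. */
int store_checked(char *dst, const char *src) {
    size_t n = 0;
    while (n < NAME_BUF && src[n] != '\0') n++;
    if (n == NAME_BUF) return -1;   /* no terminator within the buffer size */
    memcpy(dst, src, n + 1);
    return 0;
}

/* "Functional QA": realistic inputs only (constructed sample values). */
int functional_suite_passes(store_fn store) {
    static const char *typical[] = { "alice", "bob", "", "a-longer-user-name" };
    for (size_t i = 0; i < sizeof typical / sizeof typical[0]; i++) {
        char buf[NAME_BUF];
        if (store(buf, typical[i]) != 0 || strcmp(buf, typical[i]) != 0) return 0;
    }
    return 1;
}

/* Boundary test, run on the checked form only; the unchecked one would overflow. */
int boundary_behaviour_ok(void) {
    char fits[NAME_BUF], too_long[NAME_BUF + 1], buf[NAME_BUF];
    memset(fits, 'A', NAME_BUF - 1);  fits[NAME_BUF - 1] = '\0';
    memset(too_long, 'A', NAME_BUF);  too_long[NAME_BUF] = '\0';
    return store_checked(buf, fits) == 0 && strcmp(buf, fits) == 0
        && store_checked(buf, too_long) == -1;
}

int main(void) {
    printf("functional suite, unchecked: %d\n", functional_suite_passes(store_unchecked));
    printf("functional suite, checked:   %d\n", functional_suite_passes(store_checked));
    printf("boundary test, checked:      %d\n", boundary_behaviour_ok());
    return 0;
}
```

Both forms pass the functional suite, so that suite gives no signal about the missing length check; the length-at-limit and length-over-limit cases are the ones that have to be written deliberately.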
