Monday, July 28, 2008

Improved Security by Switching Languages?

Had a thought recently and I figured I'd post it. How many of C/C++'s issues in terms of security are resolved by switching languages? For example, D has a string type that you can put variable-length strings into. Will using that instead of a character array will that solve if any? It's an interesting thought because if the language provides better security through it's design, then perhaps we can focus more on the actual problem we're trying to solve instead of having to remember when we can/cannot use strcpy without cause our application to be a huge security risk.

Using a functional programming language will probably solve many of these problems, but I'm wondering if D may be a good-enough replacement since it still allows you to do C/C++ like things, just in a safer fashion.

I have the O'Reilly Secure Programming Cookbook for C and C++, so I may re-read it and see what I come up with.

Labels: , , ,


Post a Comment

Links to this post:

Create a Link

<< Home