Not coming directly from a computer background, but enough interaction with it, it seems to me that security, or as someone else put it, "distrusting any user input", is not something typically taught in computer courses, or if it is, it's an afterthought to the rest of the course. True, this is usually not directly a language issue but more of a general programming design issue, but again, I've seen some CSE course listings that don't really have a design course at any point, only technology on top of technology. Even if you look at computer books, that security is not heavily emphasized (a quick memory flip through the ORA CGI mouse book doesn't bring any major security things in the early part of the book to mind, as one example,). In addition, as .NET and Java become more popular, with their 'sandbox' that too many ppl take security for granted, it's bound to continue to be as such. Thus, you get people like the above, or Matt's Script Archives, or other numerous examples.
Thus, IMO, this is something that needs to be fundamentally changed at the low-level of CSE-type programs as to encourage building design around security before any code is written, and to use the language to that advantage to follow insecure input. Perl's one of the few that has this feature with taint mode, but, by default, languages like C, C++, or Java lack it. Thus, it would take more work for those languages to adapt, but certainly not impossible.
Dr. Michael K. Neylon - firstname.lastname@example.org
"You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||