[SATLUG] thoughts on languages

Duff DeWayne SA AFOSI/Det 401 Dewayne.Duff at ogn.af.mil
Tue Dec 5 13:40:47 CST 2006


Any of you ever read O'Reilly's PHPUnit pocket guide?  I was looking for just one or two functions I couldn't do any other way, but before doing them in PHP, I bought this book to see what I could do in the way of testing.  While I'm sure there are still many risks I'm still ignorant of, PHPUnit claims to aid you in writing code by writing the safe results of your test, versus just writing code.  I'm still experimenting with it so I can't boast yet, just wondered if anyone else has read it.  --D²

-----Original Message-----
From: satlug-bounces at satlug.org [mailto:satlug-bounces at satlug.org] On Behalf Of Travis H.
Sent: Tuesday, December 05, 2006 1:27 PM
To: satlug at satlug.org
Subject: Re: [SATLUG] thoughts on languages

On Tue, Dec 05, 2006 at 01:06:03PM -0600, Bruce Dubbs wrote:
> If you want to minimize SLOC, have you ever looked at Forth?  :)

I've heard about it, and heard that a FORTH program can be smaller than a hand-crafted assembly program, and that the Mac firmware uses it, which is brilliant.

> The problem with misusing PHP as a web application is not, IMO, due to 
> PHP.  It is more that the users don't understand HTTP (and possibly
> mysql) and how it can be misused.

That's true to a certain extent, but also some of the idioms make it very easy to write secure code.  For example, the mail() function, as I understand it, does not insert a blank line between the headers of the message and the body.  So if you code a naive form, anybody can add a "To:" line or a "Cc:" line or better yet a "Bcc:" line and spam some third party with a bot that automates all of this.  None of this is intuitive at all.

For more info see:
http://www.securephpwiki.com/index.php/Email_Injection

Secondly, people writing in PHP are lazy.  There are suites out there that require register_globals to be on, and they never would have existed had that poorly-thought-out setting never existed.  So people install them, turn it on, and get hacked routinely.  I see this all the time at Rackspace.  I would say that register_globals and allow_url_fopen together account for 90% of the apache-level compromises.

> This is especially true because
> relatively intelligent people with no training can do "something" with 
> PHP.  Most people can fly an airplane for a while without much training.
>  It's just easy to get into trouble (Takeoff is optional, landing is
> mandatory.)

True... many are novices and assume that if the program works as intended during a test, that's enough.  What they need to ask is if there is a test that could make them not work as intended, and that's a much, much harder problem.

> What are the options?  You can increase safety by removing 
> functionality

Well, what happened with libc in OpenBSD is that people discovered it was really non-intuitive to use strcpy/strncpy and such securely, so they created strlcat/strlcpy and issued warnings whenever you used code that used the deprecated functions.

> Bash (or rm) certainly lets you do that.  Should this be disallowed?

The question is not whether you can shoot yourself in the foot.
The question is, if a complete novice picks up the gun and tries to unload it, or turn the safety on, will it shoot them instead?
If so, that's very bad design.  It should be clear to a lay person which end is the dangerous one.
--
"Cryptography is nothing more than a mathematical framework for discussing various paranoid delusions." -- Don Alvarez <URL:http://www.subspacefield.org/~travis/> -><-
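The header injection Travis describes, as an added example that is not part of the original thread: the form-field value, the function names and the check are constructed for illustration, not code from any of the posters. mail() passes its additional-headers argument through verbatim, so a CR/LF inside a form value starts a new header line; the hardened builder refuses such values before anything reaches mail().

```php
<?php
// Added example (not from the SATLUG thread). Shows why a naive contact
// form lets a submitter add their own Bcc: header, and the input check
// that stops it. All names and sample values below are constructed.

// Constructed sample input: what a naive form might receive in its
// "your e-mail" field. The embedded CR/LF starts a second header line.
$hostile = "visitor@example.com\r\nBcc: third-party@example.net";

// VULNERABLE: concatenates the unchecked form value straight into the
// headers string that would be handed to mail().
function build_headers_naive(string $from): string
{
    return "From: " . $from . "\r\n";
}

// Reject any value that could terminate the header line. A bare LF is
// enough for most MTAs, so CR, LF and NUL are all refused.
function safe_header_value(string $value): ?string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

// HARDENED: validate the address, then build the header. Returns null
// when the submission must be rejected (and, in a real app, logged).
function build_headers_safe(string $from): ?string
{
    $from = safe_header_value($from);
    if ($from === null || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return "From: " . $from . "\r\n";
}

// The naive builder yields two header lines, the second one a Bcc:.
$naive = build_headers_naive($hostile);
echo "naive builder produced ", substr_count($naive, "\n"), " header line(s)\n";

// The safe builder refuses the hostile value but accepts a plain address.
echo "safe builder, hostile input: ",
    build_headers_safe($hostile) === null ? "rejected" : "ACCEPTED (bug)", "\n";
echo "safe builder, clean input:   ",
    build_headers_safe("alice@example.com") === null ? "rejected (bug)" : "accepted", "\n";
```

Only the result of build_headers_safe() should ever be passed as the fourth argument of mail(); the same CR/LF check applies to every form field that ends up in a header (Subject, Reply-To, and so on).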