RE: safe strcpy()?

From: Hall, Philip (phall@spss.com)
Date: 01/29/03

    Date: Tue, 28 Jan 2003 22:00:33 -0600
    From: "Hall, Philip" <phall@spss.com>
    To: <secprog@securityfocus.com>
    

    > Of course, the real way to build secure software is not
    > to use "safe" functions, but to check data validity :-)

    Hang on, that sounds akin to not having locks (safe functions) on your front door, but posting a guard (data validation) at the end of your driveway... hmmmmm I think I'll stick to my eXtreme Defensive Programming (XDP) and be paranoid about everything... unless you meant that by *adding* the data validity to the 'safe' functions to beef them up...?

    --phil