•Re: Re: •Re: Re: •Re: Re^2: Untainting safely. (b0iler proofing?)

I still feel that something that must be done, project after project, and time after time within each project, is an ideal candidate for factorisation.

And that's been done. And it's already available. It's called the "Perl Security FAQ" and the "Web Security FAQ". It's installed as humanware, not computerware, because the problem is not the programs, the problem is the programmers.

No amount of Perl code would keep you from typing a single-arg system call. But 15 minutes staring at the Security FAQ, and bingo, you know not to type that.

Why is that so hard to get?

{sigh}

-- Randal L. Schwartz, Perl hacker

Comment on •Re: Re: •Re: Re: •Re: Re^2: Untainting safely. (b0iler proofing?)

Replies are listed 'Best First'.
Re: ďż˝Re: Re: ďż˝Re: Re: ďż˝Re: Re^2: Untainting safely. (b0iler proofing?) by BrowserUk (Patriarch) on Jun 26, 2002 at 22:54 UTC
When something is difficult and/or dangerous and needs to be done repeatedly. When "human factors" mean that even the most god-like perfectionist can have a bad day. When simple economic factors prevent "proper code reviews and audit" with experienced and security trained peers. Or the hiring of expensive external expertise. When programmer turnover can be high. Simple logic and long-standing IT practice suggests that coding it once, getting it right, using it everywhere is the way to go. It is much easier to review code to check that the appropriate routine was called to sanitise all external data, than it is to inspect and verify that they way the sanitisation has been done is correct. Especially if the use of the sanitised data is to pass it to an external module - possibly third-party sourced. And I do get it? I just happen to think that you are wrong. {sigh}	[reply]

Replies are listed 'Best First'.

Re: ďż˝Re: Re: ďż˝Re: Re: ďż˝Re: Re^2: Untainting safely. (b0iler proofing?)
by BrowserUk (Patriarch) on Jun 26, 2002 at 22:54 UTC

When something is difficult and/or dangerous and needs to be done repeatedly.

When "human factors" mean that even the most god-like perfectionist can have a bad day.

When simple economic factors prevent "proper code reviews and audit" with experienced and security trained peers. Or the hiring of expensive external expertise.

When programmer turnover can be high.

Simple logic and long-standing IT practice suggests that coding it once, getting it right, using it everywhere is the way to go.

It is much easier to review code to check that the appropriate routine was called to sanitise all external data, than it is to inspect and verify that they way the sanitisation has been done is correct. Especially if the use of the sanitised data is to pass it to an external module - possibly third-party sourced.

And I do get it? I just happen to think that you are wrong. {sigh}

[reply]