From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=BAYES_00,FORGED_MUA_MOZILLA autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,af0c6ea85f3ed92d X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Received: by 10.68.238.198 with SMTP id vm6mr3370094pbc.3.1328867288083; Fri, 10 Feb 2012 01:48:08 -0800 (PST) Path: wr5ni8151pbc.0!nntp.google.com!news2.google.com!news3.google.com!feeder1-2.proxad.net!proxad.net!feeder2-2.proxad.net!newsfeed.arcor.de!newsspool4.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Fri, 10 Feb 2012 10:47:33 +0100 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Arbitrary Sandbox References: <5a2b1b92-f31f-41ef-ba58-b9d6ae7dff11@ub4g2000pbc.googlegroups.com> <8e83f2be-c6e9-4b0b-b53c-d50fe70d01e1@pq6g2000pbc.googlegroups.com> In-Reply-To: <8e83f2be-c6e9-4b0b-b53c-d50fe70d01e1@pq6g2000pbc.googlegroups.com> Message-ID: <4f34e7b6$0$6565$9b4e6d93@newsspool4.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 10 Feb 2012 10:47:34 CET NNTP-Posting-Host: ddd77e51.newsspool4.arcor-online.net X-Trace: DXC=Jil\RC?>SV_cHPTNZh_e7Q4IUKZLh>_cHTX3j]kZ_NGliUG9[ X-Complaints-To: usenet-abuse@arcor.de Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Date: 2012-02-10T10:47:34+01:00 List-Id: On 10.02.12 03:21, Rob Shea wrote: > My bad... I will not be doing any coding on this project. I have been > dropped in to get the client's/investor's/internal technical teams all > on the same page as there has been much bickering. That sounds like there is an opportunity to force either camp to respond to some questions that do not allow much bickering. The answers should influence the language choice (if any). As a bonus, answers based on facts should help everyone saving face. The starting point is whether the two options Ada vs C# will "provide important security features", or whether they are sold with a promise of providing important security features. Is this enough? The necessary follow-up question addresses whether the project would need - a secured system, or - a secure system, or - something that (how exactly, given the context?) provides security features? Can members of either party claim anything of the above at some level of expertise, and at a sufficient level of detail? Can they name meaningful definitions of the above terms? Can they exemplify how these things mentioned will interact, specifically, with the choice of language? Some subjects: Security experts have explained that the shift from Windows Vista to Windows 7 has meant more user satisfaction with UAC at the price of UAC defaulting to insecure. Does access control, in general, matter? In which ways? Should it be part of testing applications? (I imagine that some will answer in the style of "you just have to change the defaults..." which seems technically correct to some extent. Should help to put the requirements in focus, in any case. The more often someone says the words "your just have to...", the less the built-in security seems to be, and the more diligence is needed.) By which technique do the C# compiler and then the .NET JIT compiler produce safer executables than a compiler that produces executables directly? This question should test actual knowledge. Is the goal to produce applications that mainly add MVC glue to existing .NET classes? Catch question: Is VB.NET more or less secure than C#? Why not VB.NET, then?