From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,85034d1ac78a66eb X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-03-10 12:37:52 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!headwall.stanford.edu!unlnews.unl.edu!newsfeed.ksu.edu!nntp.ksu.edu!news.okstate.edu!not-for-mail From: David Starner Newsgroups: comp.lang.ada Subject: Re: Ada Operating System Date: 10 Mar 2002 19:40:50 GMT Organization: Oklahoma State University Message-ID: References: <3c77b476.322111671@news.cis.dfn.de> <3C88E0D1.89161C16@despammed.com> <3C8A3999.2000301@earthlink.net> <3C8B0191.3080705@mail.com> Reply-To: starner@okstate.edu NNTP-Posting-Host: x8b4e555e.dhcp.okstate.edu User-Agent: slrn/0.9.7.3 (Linux) Xref: archiver1.google.com comp.lang.ada:21029 Date: 2002-03-10T19:40:50+00:00 List-Id: On Sun, 10 Mar 2002 06:44:05 GMT, Hyman Rosen wrote: > Many of the > errors and vulnerabilities that show up these days are "cross- > scripting" errors and the like, where programs execute externally > submitted scripting code because they fail to properly validate > inputs. This is purely an error of program logic - no automated > language checking is going to catch this. It can catch at least part of this - think sandboxing or Perl's taint mode. That's a problem for the scripting language, though. -- David Starner - starner@okstate.edu "It's not a habit; it's cool; I feel alive. If you don't have it you're on the other side." - K's Choice (probably refering to the Internet)