|
|
On 2/15/2011 11:40 AM, Darren New wrote:
> An interesting thought: The top three types of computer security
> failings all come from having violating an abstract Harvard architecture
> abstraction implemented on top of a Von Neumann machine. That is, buffer
> overrun, cross-site scriping, and SQL injection all happen on systems
> where the underlying implementation language treats code and data as if
> they're in separate address spaces and yet allows that abstraction to be
> broken in order to execute data as code. The work-arounds for all these
> problems consist of ensuring one does not break the Harvard
> abstraction's implementation.
>
> For example, consider how much safer SQL would be if it was configured
> to only run prepared statements invoking stored procedures. And I
> daresay that buffer overruns were much less damaging in the days when
> the code was addressed via the code segment and the stack was addressed
> via the stack segment. (Not entirely safe from buffer overruns, mind,
> but much safer.)
>
> The whole thing of DEP and base address randomization is a lame attempt
> to enforce the Harvard architecture to a greater degree without having
> to fix the unsafe languages.
>
Ah.. So, we should fix the problem created by adding flexibility to the
languages, so we can do more than pre-tested, pre-coded, very strict
things, by getting rid of all the flexibility? Somehow that seems...
kind of problematic. lol
--
void main () {
If Schrödingers_cat is alive or version > 98 {
if version = "Vista" {
call slow_by_half();
call DRM_everything();
}
call functional_code();
}
else
call crash_windows();
}
<A HREF='http://www.daz3d.com/index.php?refid=16130551'>Get 3D Models,
3D Content, and 3D Software at DAZ3D!</A>
Post a reply to this message
|
|