But memory leaks are not usually a security risk, and they are not invisible bugs.
/ Martin Nilsson (Åskblod)
Previous text:
2003-01-28 08:35: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
On Tue, Jan 28, 2003 at 01:20:01AM +0100, Martin Nilsson (Åskblod) @ Pike (-) developers forum wrote:
One obvious disadvantage with OpenSSL though is that it is written in C, and thus is more likely to have bugs causing security holes.
One obvious disadvantage with Pike is that it is used by humans, which tend to make mistakes :) "Guns don't kill people, people kill people".
There is no (and will never be) any _safe_ language, until there are a lot of "unsafe" programmers around. :)
Proper code can be written in C, in Perl, even in asm - if you know what you are doing. Yes, it is extremely difficult (if ever possible) to leave (or create) a buffer overflov like hole in Pike app, but it is quite easy to leave another hole (like memory leak - where objects are never completely dereferenced so GC won't help).
Regards, /Al
/ Brevbäraren