[Info-vax] OS implementation languages
Johnny Billquist
bqt at softjar.se
Sat Sep 9 14:44:20 EDT 2023
On 2023-09-09 19:25, Arne Vajhøj wrote:
> On 9/9/2023 12:53 PM, bill wrote:
>> On 9/9/2023 12:14 PM, Arne Vajhøj wrote:
>>> On 9/9/2023 11:45 AM, bill wrote:
>>>> On 9/9/2023 11:19 AM, Arne Vajhøj wrote:
>>>>> On 9/8/2023 6:59 PM, bill wrote:
>>>>>> On 9/8/2023 2:05 PM, Simon Clubley wrote:
>>>>>>> Unfortunately, I _do_ have to use PHP sometimes.
>>>>>>>
>>>>>>> It didn't take me long to establish some solid rules, such as strict
>>>>>>> comparisons at _all_ times, and to use a monitor library I wrote that
>>>>>>> has the allowed error level turned all the way down so that things
>>>>>>> which PHP normally allows through generate an error instead.
>>>>>>
>>>>>> I had to support it at the University because we had a professor
>>>>>> who insisted on teaching it, using it and making his students use
>>>>>> it. No matter how many times I showed him the security holes he
>>>>>> just insisted I was wrong and that it be available and wide open.
>>>>>
>>>>> Maybe he had this crazy idea that programming code
>>>>> reads input, does some processing and writes output and that
>>>>> the main responsibility for correctness, security, performance
>>>>> and whatever belongs with the person writing the code.
>>>>>
>>>>> :-)
>>>>
>>>> Nice thought, but the particular problem I was fighting was
>>>> inherent to PHP and the programmer can only stop it by using
>>>> a better tool.
>>>
>>> You are aware that PHP is Turing complete?
>>
>> Which means what in the concept of security? It has nothing
>> to do with the syntax or even the function of the programs
>> written with it.
>
> It means that you did not have to rewrite in another language to
> fix the problem.
That definitely does not necessarily follow.

Consider for example C and some language like BASIC, which have full
control over strings.

Both are Turing complete. But if you want to avoid the problem of
strings being handled as pointers to chunks of memory terminated by a
NUL, then you need to move away from C (to for example BASIC).

You cannot "fix" the problem of how C looks at strings.
The Turing complete aspect has nothing to do with that.

Johnny
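
The C string convention the message above refers to, as an added example that is not part of the original post: the same bytes seen through a NUL-terminated view and through a view that carries its own length. The `struct counted` type, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted buffer: the length travels with the bytes. */
struct counted {
    const char *data;
    size_t len;
};

/* Length as the str* functions see it: up to the first NUL byte,
   bounded by the real length so the scan never leaves the buffer. */
size_t c_view_len(struct counted s)
{
    const char *nul = memchr(s.data, '\0', s.len);
    return nul ? (size_t)(nul - s.data) : s.len;
}

/* 1 if bytes exist past the first NUL that str* functions never see. */
int views_disagree(struct counted s)
{
    return c_view_len(s) != s.len;
}

/* Suffix test on the counted view: compares the real last bytes. */
int counted_ends_with(struct counted s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.data + s.len - n, suffix, n) == 0;
}

/* Same test on the C-string view: only bytes before the first NUL count. */
int cstr_ends_with(struct counted s, const char *suffix)
{
    struct counted v = { s.data, c_view_len(s) };
    return counted_ends_with(v, suffix);
}

/* Constructed sample input: 11 bytes with a NUL in the middle. */
static const char sample_bytes[] = "hello\0world";

struct counted sample(void)
{
    struct counted s = { sample_bytes, sizeof sample_bytes - 1 };
    return s;
}

int main(void)
{
    struct counted s = sample();
    printf("counted=%zu c_view=%zu disagree=%d\n",
           s.len, c_view_len(s), views_disagree(s));
    return 0;
}
```

A check made on one view and a use made on the other can reach different conclusions about the same buffer, which is why input validation in C often rejects buffers where `views_disagree` is true.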