>>>>> "WA" == Wichert Akkerman <wichert@cistron.nl> writes:
WA> It's just as easy to write insecure perl scripts as it is to write
WA> insecure shell scripts. Tainting only protects you from a couple of
WA> mistakes, but not all.
WA> Secure programming is not a language feature, it is something a
WA> programmer must be aware of for every line of code he writes, and
WA> even more importantly when making the initial design.
But some languages allows to write secure code more easily that others
(read it as 'not very experienced programmers have less opportunity to
make errors'). Anyway I agree that experienced programer can write
secure code in any language unless language has some very serious
design floaws.
What I want to say is that rewriting Perl scripts to C or shell
scripts hardly will make them more secure.
P.S. Taint mode. Again - why Perl scripts in debian don't use it?
--
Ilya Martynov
AGAVA Software Company, http://www.agava.com