On 2009-12-08, David Masover <ninja / slaphack.com> wrote:
> Compare any of these to C. You probably could write a web app in C. You 
> probably could be about as efficient with it. You could be disciplined enough 
> to never do pointer arithmetic,

This is hardly necessary.  Pointer arithmetic can certainly be done safely.

> Think about that for a moment. In languages like Ruby and PHP, a buffer 
> overflow is actually not possible. You might get it in a third-party library 
> written in another language (like C), but you can't do it yourself. But in C, 
> it's not only possible, it's a very easy mistake to make, and a hard one to 
> avoid.

I'm not sold on this.  I don't think I've had any buffer overflows in my
code in years.  It's pretty easy -- if I'm about to use a buffer, I make
sure I know what I'm using it for and that I cap any copies and/or report
failure if there's not enough space.

I agree that it requires actual effort, as opposed to being implicit.

FWIW, I hate PHP.  I had to learn it once, and I still have to think about
bleach any time I have to think about it.  The killer for me was discovering
that there was a thing like a function pointer which could be used only
for user-defined functions, not built-in functions.

-s
-- 
Copyright 2009, all wrongs reversed.  Peter Seebach / usenet-nospam / seebs.net
http://www.seebs.net/log/ <-- lawsuits, religion, and funny pictures
http://en.wikipedia.org/wiki/Fair_Game_(Scientology) <-- get educated!
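The discipline described in the reply above (know what the buffer is for, cap every copy, report failure when the data does not fit) as an added C example; this is not code from the thread, and the `bounded_buf` type and its `bb_*` functions are my own illustration:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the original thread): a buffer that carries its own
 * capacity and current length, so every append is capped and a failed fit is
 * reported to the caller instead of silently overrunning the storage. */
typedef struct {
    char  *data;  /* backing storage, always NUL-terminated */
    size_t cap;   /* bytes available in data, including room for the NUL */
    size_t len;   /* bytes currently used, excluding the NUL */
} bounded_buf;

/* Initialise over caller-provided storage. Returns -1 if cap is 0, else 0. */
int bb_init(bounded_buf *b, char *storage, size_t cap)
{
    if (cap == 0) return -1;
    b->data = storage;
    b->cap = cap;
    b->len = 0;
    b->data[0] = '\0';
    return 0;
}

/* Append src. Returns 0 on success; -1 and leaves the buffer unchanged if src
 * plus its NUL would not fit. Because len < cap is an invariant, cap - len is
 * at least 1 and the check cannot underflow or wrap. */
int bb_append(bounded_buf *b, const char *src)
{
    size_t n = strlen(src);
    if (n >= b->cap - b->len) return -1;  /* need n bytes plus the NUL */
    memcpy(b->data + b->len, src, n + 1); /* copies the terminating NUL too */
    b->len += n;
    return 0;
}

int main(void)
{
    char storage[8];
    bounded_buf b;
    bb_init(&b, storage, sizeof storage);
    printf("%d\n", bb_append(&b, "hello"));     /* 0: "hello" fits in 8 bytes */
    printf("%d\n", bb_append(&b, "world"));     /* -1: would need 11 bytes */
    printf("%s (%zu bytes)\n", b.data, b.len);  /* hello (5 bytes) */
    return 0;
}
```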