Re: Illustrating the Risk of Unconstrained Strings
On 2015-11-07 07:46, Costello, Roger L. wrote:

> Hi Folks,
>
> A colleague and I created a graphic which illustrates the risk of unconstrained strings:
>
> http://www.xfront.com/Illustrating-the-Risk-of-Unconstrained-Strings.pdf

Any such claims need to be based on clear surveys of actual data.

My experience has been that fixed-length buffers in C programs are symptomatic of less robust programming. Buffer overflow attacks succeed based on an attempt to put too much data into the space allocated.

Size of character set may increase opportunities for visual glyph puns, where two different character sequences display sufficiently similarly to confuse humans. Mathematically, however, a 16-bit-long string has the same value space regardless of whether it's composed from a single 16-bit value or from two 8-bit values.

Finally, what evidence did you use to determine the shape of your curve? Visualizations are useful if they uncover new relationships - if they allow us to make predictions or increase understanding. Are you suggesting a polynomial relation between character set, string length and security? Why?

--
Liam Quin, W3C XML Activity Lead; Digital publishing; HTML Accessibility
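The "visual glyph pun" mentioned in the message above, shown as an added example that is not part of the original post: two strings that render alike but differ in code points, and a check that constrains length and script. The sample strings, the function names, the limits and the script-from-character-name heuristic are all assumptions made for illustration.

```python
import unicodedata

# Constructed samples: PUN replaces Latin "a" (U+0061) with Cyrillic "а" (U+0430).
LATIN = "paypal"
PUN = "p\u0430yp\u0430l"


def scripts(text):
    """Approximate the script of each letter from the first word of its
    Unicode character name (heuristic; not the Unicode Script property)."""
    found = set()
    for ch in text:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def is_mixed_script(text):
    """True when the letters of one token come from more than one script."""
    return len(scripts(text)) > 1


def check_constrained(text, max_len=16, allowed_scripts=frozenset({"LATIN"})):
    """Hypothetical constrained-string check: bounded length, letters from
    the allowed scripts only, otherwise ASCII digits and hyphen."""
    problems = []
    if len(text) > max_len:
        problems.append("too long")
    for script in sorted(scripts(text) - allowed_scripts):
        problems.append("disallowed script: " + script)
    for ch in text:
        if not ch.isalpha() and ch not in "0123456789-":
            problems.append("disallowed character: U+%04X" % ord(ch))
    return problems


if __name__ == "__main__":
    for sample in (LATIN, PUN, "x" * 20, "a b"):
        print(ascii(sample), scripts(sample), check_constrained(sample))
```

The length limit and the script limit are independent checks: the pun passes the length bound and fails only on repertoire.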