**ENORME* Agujero de SEGURIDAD en .NET

05/02/2005 - 20:43 por Pongo un circo y me crecen los ENANOS... | Informe spam
ENORME...ahora dira Tella que es mentira...si no sabes
programar...JAJAJA!!!!

Chueca Friend.


Huge security hole in .NET
Posted by xper on 04 Feb 2005 - 12:37 CET | There are 1 comment for
this story. Previous Post | Frontpage | Next Post
http://www.msfn.org/comments.php?shownews766

James Gosling has called Microsoft's decision to support C and C++ in
the common language runtime in .NET one of the "biggest and most
offensive mistakes that they could have made"

James Gosling, who is currently CTO of Sun's Developer Products group
and the father of the Java programming language, has called
Microsoft's decision to support C and C++ in the common language
runtime in .Net one of the "biggest and most offensive mistakes that
they could have made" as part of his speech to developers at an event
in Sydney earlier this week. He further commented that by including
the two languages into Microsoft's software development platform, the
company "has left open a security hole large enough to drive many,
many large trucks through".


According to Gosling, the security hole is based upon the fact that
several features of the older languages are ambivalent with regards to
security: "C++ allowed you to do arbitrary casting, arbitrary adding
of images and pointers, and converting them back and forth between
pointers in a very, very unstructured way.

"If you look at the security model in Java and the reliability model,
and a lot of things in the exception handling, they depend really
critically on the fact that there is some integrity to the properties
of objects. So if somebody gives you an object and says 'This is an
image', then it is an image. It's not like a pointer to a stream,
where it just casts an image," said Gosling.

Microsoft developer evangelist Charles Sterling didn't entirely
disagree with Gosling's comments, but he sought to clarify the issue
with .NET's security. Stirling pointed out that .NET defines different
sorts of code. "Managed" code is code that is executed under the
control of the .NET framework. New languages such as C# and Visual
Basic.NET only produce managed code.

Full story: uk.builder.com
http://uk.builder.com/programming/w...857,00.htm
 

Leer las respuestas

#1 Diego Calleja
05/02/2005 - 22:23 | Informe spam
El Sat, 5 Feb 2005 20:43:01 +0100 "Pongo un circo y me crecen los ENANOS..." escribió:

ENORME...ahora dira Tella que es mentira...si no sabes
programar...JAJAJA!!!!



James Gosling es el padre de Java. Lo de decir que el código no gestionado de
.net (que si no recuerdo mal necesita estar marcado explicitamente con
"unsafe" y con una opción especial del compilador) es un "fallo de seguridad"
es un buen metodo si eres el padre del lenguaje que hace competencia, pero
no tiene mucho sentido teniendo en cuenta que Solaris está hecho casi todo
en Cen otras palabras, al llamar Gosling "inseguro" a .net se lo está
llamando tambien a sus propios productos, lo cual es muy divertido :)

Preguntas similares