|
|
|
|
|
|
by nupark
5556 days ago
|
|
|
I honestly have no idea what you're talking about or advocating, if anything. If you switch to the JVM, a buffer overflow triggers determinate behavior -- it throws an exception rather than writing over the saved return address or the heap. The attack surface is by it's nature is much smaller than if you rely on programmer correctness in C. As for inserting tags "dynamically," this sounds like a broken templating system if that means exposing the programmer to fail-fast (instead of fail-safe) escaping APIs. |
|
|