[CSS_ACM_General_List] a question

Zoko, Anthony azoko at cdm.depaul.edu
Tue May 24 13:48:34 CDT 2011


> I'm finding that the ease of python gets old after a while.

It's important to use the right tool, for the write job.... For the right reasons.
C maybe more entertaining for you to write a web app but you'll spend much more time writing needless code and leaving your applications open to attack.
Last thing you want is someone pwning your server...
It's one thing if you're just experimenting with the technology.  If you're actually building something for a client or at your work place, you have to look beyond what is entertaining to what gets the job done in the most reasonable manner.

Anthony Zoko
Software Development Manager/ Architect
DePaul University
College of Computing and Digital Media (CDM) http://www.cdm.depaul.edu<http://www.cdm.depaul.edu/>

From: css_acm_general_list-bounces at mailman.depaul.edu [mailto:css_acm_general_list-bounces at mailman.depaul.edu] On Behalf Of Sean Neilan
Sent: Tuesday, May 24, 2011 1:40 PM
To: Kristoff, John
Cc: css_acm_general_list at mailman.depaul.edu
Subject: Re: [CSS_ACM_General_List] a question

That's what I'm curious about is how python manages the mallocs and frees. There's some kind of machine that does that. I understand that buffer overflows can be prevented by not going over array indexes, but, what if you want to store everything that goes into a server?

Python appears to manage large amounts of data extraordinarily well. http://docs.python.org/c-api/memory.html

I would like to write web software in C but still have the memory management capabilities of python so I don't run into buffer overflows.

I'm finding that the ease of python gets old after a while.

On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu<mailto:jtk at depaul.edu>> wrote:
On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
> What happens in Python that generally doesn't happen in a server in C to
> prevent buffer overflows? Why should Python have an advantage over the
> language it was written in?
Python and other languages like it generally make it much harder for
you to mess up in this way.  In C, your variables, most notoriously
strings, require you to allocate and properly use the memory set aside
for them.  For instance,

 char foo[80];

Sets up 80 bytes for a string named 'foo'.  What happens when you
try to put 81 bytes into that variable?  Well, if you code safely
that won't happen, but say you did something like this:

 gets(foo);

It is trivial to give more than 80 bytes via gets and, voila, buffer
overflow.

In Python, and others, memory is managed automatically for you as
needed.  In Python, you don't even need to allocate memory for foo.
It could be a string of arbritrary size, Python will figure out and
handle all the memory management for you.  Even if foo changes
drastically throughout your running program, it's not something you
have to manage directly.  Memory management is all handled under the
covers for you.  I don't know Python well, but I imagine under the
covers is essentially mallocs and frees that do this for you.

Of course, you might be able to stuff foo full of data exceeding the
resources of the running system, but that is a slightly separate issue.

Note, even with Python's memory management doing all the work for
you, you may not entirely be rid of buffer overflows if the underlying
language implementation has a bug.  For example:

 <http://www.securityfocus.com/bid/30491>

John

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.depaul.edu/pipermail/css_acm_general_list/attachments/20110524/0cf42988/attachment-0001.html 


More information about the CSS_ACM_General_List mailing list