On Sat, Jul 26, 2003 at 05:13:28PM -0500, Nick Reinking wrote:
> On Sun, Jul 27, 2003 at 12:07:39AM +0200, Tomasz Wegrzanowski wrote:
> > On Sat, Jul 26, 2003 at 05:00:50PM -0500, Nick Reinking wrote:
> > > I think we would be better off cleaning up the
> > > admittedly messy PHP code and possibly adding in my C parser (if I
> > > ever get around to getting the ugly list syntax working).
> >
> > If someone doesn't understand this yet:
> > NO C CODE SHOULD BE USED ON WIKIPEDIA EVER
> > It's suicidally insecure.
>
> That's ridiculous - just because C can be insecure doesn't mean it has
> to be. We rely on PHP every day, which, surprise surprise, is written
> in C. What do you think PHP is? It's just a C program that interprets
> specially formatted HTML and runs a bunch of internal C functions. As
> such, it is just as suspect to buffer overflows and what-not as any
> custom written C code that we might write.

Many people thought they were wise enough not to make any such mistake,
and they have all been proven wrong. Even such security paranoids
as the OpenBSD people.
We are using C code all the time, but this code has been checked
by thousands of people, and despite this, stack and heap overflows
are being found in it all the time.
Risk is too high, and benefit is too small.
Anyway, lex and yacc are available for almost all languages,
that's no excuse for using C.