Are programs/OSes written in D more secure than programs written in C/C++?
Alex Rønne Petersen
alex at lycus.org
Wed Jun 6 16:01:55 PDT 2012
On 07-06-2012 00:04, J.Varghese wrote:
> I'm sure most of you have heard of the recent increase of high
> profile hacking and security violations. The PlayStation Network,
> RSA, LinkedIn, (today) and thousands of lower profile attacks.
> The Flame trojan also marks the rise of highly sophisticated
> state-sponsored cyberweapons.
>
> I'm not a programmer, so can someone explain this to me: Will
> programs and operating systems written in D be safer (I speak of
> both memory safety and security bugs) than existing operating
> systems written in C and C++? If so, what features and attributes
> of D make this the case? How much safer is it? Would it be
> possible to identify all the bugs in an OS written in D (within a
> reasonable timeframe) or is that still a pipedream?
>
> Thanks for replying. I have followed the development of D for a while. I
> just want to know how much safer D is than other languages. Curiosity
> and all that.
No programming language (today) can make cryptosystems more or less
mathematically secure. Nor can a programming language make your
business' IT infrastructure less susceptible to attacks (badly
configured firewalls, SQL injections, you name it).
What D *can* do, if you use the features that it gives you, is prevent a
set of common exploits in programs. For instance, D's slicing mechanism
for arrays is significantly more secure than raw operations on pointers
because an out-of-bounds read/write will cause the program to terminate.
So, buffer over-runs are not exploitable. Further, D has type-safe
variadic functions, so common printf exploits are impossible too. D also
prevents stack smashing (if you compile with GDC), but C has this
feature too.
So what D does is that it prevents small but common exploits in
programs. But that doesn't mean that your program is cryptographically
sound/secure, for example.
As always, It Depends (TM). :)
--
Alex Rønne Petersen
alex at lycus.org
http://lycus.org
More information about the Digitalmars-d
mailing list