Re: [xml-dev] Illustrating the Risk of Unconstrained Strings
- From: Liam Quin <liam@w3.org>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Sat, 07 Nov 2015 15:39:52 -0500
On 2015-11-07 07:46, Costello, Roger L. wrote:
> Hi Folks,
> A colleague and I created a graphic which illustrates the risk of
> unconstrained strings:
> http://www.xfront.com/Illustrating-the-Risk-of-Unconstrained-Strings.pdf
Any such claims need to be based on clear surveys of actual data.
My experience has been that fixed-length buffers in C programs are
symptomatic of less robust programming. Buffer overflow attacks succeed
based on an attempt to put too much data into the space allocated.
Size of character set may increase opportunities for visual glyph puns,
where two different character sequences display sufficiently similarly to
confuse humans. Mathematically, however, a 16-bit-long string has the
same value space regardless of whether it's composed from a single
16-bit value or from two 8-bit values.
Finally, what evidence did you use to determine the shape of your curve?
Visualizations are useful if they uncover new relationships - if they
allow us to make predictions or increase understanding. Are you suggesting
a polynomial relation between character set, string length and security?
Why?
--
Liam Quin, W3C
XML Activity Lead;
Digital publishing; HTML Accessibility