OASIS Mailing List Archives

Re: [xml-dev] Illustrating the Risk of Unconstrained Strings

On 2015-11-07 07:46, Costello, Roger L. wrote:
> Hi Folks,
>
> A colleague and I created a graphic which illustrates the risk of
> unconstrained strings:

Any such claims need to be based on clear surveys of actual data.
My experience has been that fixed-length buffers in C programs are
symptomatic of less robust programming. Buffer overflow attacks succeed
based on an attempt to put too much data into the space allocated.

Size of character set may increase opportunities for visual glyph puns,
where two different character sequences display sufficiently similarly to
confuse humans. Mathematically, however, a 16-bit-long string has the
same value space regardless of whether it's composed from a single 16-bit
value or from two 8-bit values.

Finally, what evidence did you use to determine the shape of your curve?
Visualizations are useful if they uncover new relationships - if they
allow us to make predictions or increase understanding. Are you suggesting
a polynomial relation between character set, string length and security? Why?

Liam Quin, W3C
XML Activity Lead;
Digital publishing; HTML Accessibility
