Python secure?

Reid Nichol rnichol_rrc at yahoo.com
Tue Aug 17 06:50:47 CEST 2004


Peter Hansen wrote:
> Reid Nichol wrote:
> 
>> And because some M$ employee did something sloppy it is an implication 
>> that C is bad.  Hell, even strncpy can be dangerous.  How many times 
>> do I have to say the responsibility is the programmer's, *not* the 
>> language.
> 
> 
> The *responsibility* is clearly the programmer's, but the *language*
> tends to encourage or discourage certain kinds of programmer behaviour,
> including the writing of secure code.
> 
> Surely you wouldn't argue that all languages promote different
> kinds of coding equally well, or even that the choice of language
> has *no impact whatsoever* on how a programmer will code, or what
> kinds of solutions he will attempt to use in his code?
> 
> -Peter

Here, this programmer made a rookie mistake.  (S)he clearly had no 
business writing the code (s)he did.  It isn't the language's fault, it's 
the programmer's.


In general, I believe that if the programmer is a poor programmer then 
they'll find a way to mess up no matter what language they use.  The 
language will just state how big that mess-up can/will be on average.

But, if someone wants secure programming done and they charge a rookie 
to do it, they get what they deserve.  If they want secure code and they 
hire an years guru (at the language) coder that knows nothing of writing 
*secure* code, they get what they deserve.

The ability to write secure programs is a rare talent and those that 
need it, need to develop the ability to see this quality in their 
employees (or the ability to find them).  This isn't something that 
anyone can pick up and learn; one must have something inside them that 
enables them to do it.  And all that evidence that was spoken of merely 
supports the fact that it is a rare talent indeed.



More information about the Python-list mailing list