The road to managed code
ON JUNE 6, Microsoft posted security bulletin MS02-026,
titled "Unchecked Buffer in ASP .Net Worker Process." Tongues
immediately began to wag. Wasn't .Net supposed to prevent this sort
of thing? It's true that managed code avoids the buffer overflows
that trigger so many security snafus. But the ASP .Net engine, a
.Net component, is not itself written wholly in managed code, and
the security flaw was in an unmanaged function. Work was "currently
under way," the bulletin said, "to migrate all functions over to
the .Net Framework." That migration is an epic journey that makes
the trip from 16-bit to 32-bit code look like a weekend jaunt.
[Full story at
InfoWorld.com.]
Former URL: http://weblog.infoworld.com/udell/2002/10/07.html#a436