[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Security in use of contants

Kless

8/17/2008 6:01:00 PM

Is secure use constants?

I come from Python and it isn't recommended there.
36 Answers

Phlip

8/17/2008 6:37:00 PM

0

Kless wrote:

> Is secure use constants?
>
> I come from Python and it isn't recommended there.

Use constants to avoid repeating a literal with the same meaning, such as '42',
in various locations in your code.

What do you mean by "secure"? Neither Ruby nor Python are secure from reverse
engineering, because all the source is hanging out visible for all to see!

--
Phlip

loolek

8/17/2008 7:03:00 PM

0

>
> What do you mean by "secure"? Neither Ruby nor Python are secure from reverse
> engineering, because all the source is hanging out visible for all to see!
>
> --
> Phlip

private static final int 42;

Or something like this...

Dejan Dimic

8/17/2008 7:06:00 PM

0

On Aug 17, 8:36 pm, Phlip <phlip2...@gmail.com> wrote:
> Kless wrote:
> > Is secure use constants?
>
> > I come from Python and it isn't recommended there.
>
> Use constants to avoid repeating a literal with the same meaning, such as '42',
> in various locations in your code.
>
> What do you mean by "secure"? Neither Ruby nor Python are secure from reverse
> engineering, because all the source is hanging out visible for all to see!
>
> --
>    Phlip

How do you come up with this question?

CONSTANTS are perhaps more secure in comparison to loops. :-)
Be avare of the interations.

Phlip

8/17/2008 7:13:00 PM

0

loolek wrote:

> private static final int 42;
>
> Or something like this...

What is secure about that? Nobody can ever change it?

Even in C, a language designed to compile directly to machine language with no
questions asked, you can still force a constant to change. You get "undefined
behavior", but you can still do it.

Don't worry about your constants changing. Just write clean code, and pay
attention to your warnings & test results, and you will be okay.

--
Phlip

loolek

8/17/2008 11:30:00 PM

0

"Nobody can ever change it?"

Yes, yes -> i mean, under the java vm security control -> nobody can
change it.

That's cool for me -> but means nothing for a serious hacker...

peter

loolek

8/17/2008 11:36:00 PM

0

"Don't worry about your constants changing."

My job is -> be full secure !!!

So, i am worring about this -> "small ruby leak"....

Do you need a case study -> for this "bad" situation, becouse a week
constant guarding (for example in C)?

"Just write clean code, and pay attention to your warnings & test
results, and you will be okay."

Thanks buddy.........you help a lot :P

peter

Tim Hunter

8/18/2008 12:36:00 AM

0

loolek wrote:
> "Don't worry about your constants changing."
>
> My job is -> be full secure !!!
>
> So, i am worring about this -> "small ruby leak"....
>
> Do you need a case study -> for this "bad" situation, becouse a week
> constant guarding (for example in C)?

I admit it, I'm largely ignorant of security issues. What kind of bad
thing can you do with Ruby constants?

--
RMagick: http://rmagick.ruby...

Phlip

8/18/2008 1:20:00 AM

0

loolek wrote:

> "Don't worry about your constants changing."

> My job is -> be full secure !!!

Static type checking (constant, private, etc.) only provide negative
reinforcement that code might work as designed. Unit tests provide positive
reinforcement that your features behave as expected. Code with wall-to-wall unit
tests is better than any code with all kinds of constants, privates, and typechecks.

--
Phlip

Marc Heiler

8/18/2008 1:33:00 AM

0

> I admit it, I'm largely ignorant of security issues. What kind of
> bad thing can you do with Ruby constants?

It depends on the coder in question:

- matz once single handedly trapped Chuck Norris within a constant void.

- Lesser ruby coders may utterly fail in doing so, ending up as bloody
BBQ.

Also, there exists believable rumours that one can do time travels with
constants, if used in the right way (full moon, 12 fresh sheep, some old
gold coins and a pirate curse...)

But again beware, only those strong in will may succeed...
--
Posted via http://www.ruby-....

loolek

8/18/2008 3:07:00 AM

0

"What kind of bad thing can you do with Ruby constants? "

I think this is not the question of ruby. Imagine this -> there is a
constant that holds the value that triggers the cooler sticks in a
nuclear power plant. Than the bad guy "overwrites" it, what comes
next ?

A BIG CRASH BANG

"I'm largely ignorant"

Are you sure, you will be ingnorant if you where living in the next
city from the plant ?

peter