07-18-2008
23,
0
Join Date: Apr 2006
Last Activity: 24 July 2008, 7:12 PM EDT
Location: Northern Virginia
Posts: 23
Thanks Given: 0
Thanked 0 Times in 0 Posts
I would recommend that the writer look into bcopy() and bzero(). If memory serves, they are the original primitives, and thus the most efficient. In the C++ world, string objects help protect the programmer from [him|her]self and tend the details. Certainly this is at the cost of efficiency, but then these days performance is a balance to reuse in the application programming space.
I am sorry to say that there are many environments where the management doesn't want anything but scripting tools like bash/csh/perl/php because they can't afford programmers who know C and C++. Their words, not mine, by the way. So then what I used to think of as prototyping tools now become what is used in production. That means that the security review must include not only software but also the underlying interpreter.