Data Security in C++ and C

Status
Not open for further replies.

Shivam Bhatele

Computer
May 17, 2022
1
Hello Everyone, I am learning C++ programming and working on a project. I want to know which data security is best between C and C++ programming. According to this post, C++ is a very secure language. It supports encapsulation of data in the form of objects, thus hiding the information and ensuring that one uses the structures and operators as intended, but I have no idea about C programming. Can anyone suggest which one is best?
 
Writing secure software requires a tremendous amount of experience. If you can't decide between C and C++ you don't have that experience and it won't matter which you start with.

Given that all valid C programs should compile under C++ compilers, it may be worthwhile to start in C++; the main security flaws that languages introduce are through libraries, particularly for input/output, especially when those functions are responsible for taking a formatting string from some other source. There are C functions that are less vulnerable, but that doesn't much affect how you write your programs.

It's worth remembering that C originated to be capable of writing operating systems, programs that can do anything that is possible to be done to the software state of the machine, so it's possible to screw up and do some unwanted thing accidentally.
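
The point in the reply above about library functions that take a formatting string from some other source, shown as an added example that is not part of the original thread: the same `snprintf` call with the outside text used as the format and then passed only as data. The function names `render_unsafe` and `render_safe` and the sample input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Deliberately unsafe: the caller's text is used AS the format string, so any
 * '%' directive inside it is interpreted by snprintf. Compilers report this
 * call under -Wformat-security; the pragma silences that for this demo only. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_unsafe(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, untrusted);
}
#pragma GCC diagnostic pop

/* Hardened: the format string is a constant and the caller's text is only
 * data. Returns 0 on success, -1 on error or if the text did not fit, so the
 * caller never works with a silently truncated line. */
int render_safe(char *out, size_t outlen, const char *untrusted)
{
    int n = snprintf(out, outlen, "%s", untrusted);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input. "%%" is the one directive that consumes no
     * argument, so the unsafe call stays well defined for this text. */
    const char *input = "disk 100%% full";
    char a[64], b[64], tiny[8];

    render_unsafe(a, sizeof a, input);   /* text is rewritten by the library */
    render_safe(b, sizeof b, input);     /* text is copied unchanged */
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    printf("too small -> %d\n", render_safe(tiny, sizeof tiny, input));
    return 0;
}
```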
 
It's pretty trivial to make unintentional mistakes or unknowingly make mistakes; buffer overflows of all sorts have caused all sorts of issues in a slew of programs. Denial of Service (DoS) simply makes use of otherwise plausible response structures in web interfaces. Therefore, even the best languages and best libraries only protect you to the extent of the patches and fixes that have already occurred, but zero-days and errors can still bite you.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 
Two that have amused me:

1) In Missouri, to give people some information about teachers, the programmers downloaded the entire database and let the browser limit what was shown; this information included little things like the Social Security numbers of every one of them and was seen by saying "Show Code" in the browser. The Governor tried to get the person who found and reported the flaw put into prison for "hacking" even though it was his own department leaking the otherwise confidential information.


2) Some insurance company decided to help people with life insurance quotes - a person puts in their name and it sends back confidential information gathered from other sources and says, among others, "Is this your driver's license number?" So if you wanted to steal someone's identity - this company was there to help.

Little Bobby Tables is a permanent favorite.
 
Those are examples of lazy programmers, but that governor was, presumably still is, an ass; no one, including the police and judiciary, thought his accusations were even remotely plausible.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
 