From: "Geo." 

"Mike N."  wrote in message
news:5q8bq2hs30r00p05u6r61a5l8du7l7blgu{at}4ax.com...

>  A web server hosts potentially hostile users on the inside, who seek to
> escalate their privilege.   In addition, the web server is constantly
> probed from the outside for misconfigurations in any app.   Quite a
> contrast to the home media server which is NATted off of the internet.

Ok, public web server does have untrusted users. However home servers are
usually accessed by machines running fileshare networks. One virus and they
get infected then log into some remote irc server for further
instructions..

> But never say never - look at the stupid Java sandbox VM exploits.

Exactly. Give it time.

>   Re: Writing bad code - it's not that end users write code, but mostly
> poorly trained newbies operating under the whip of management and
> marketing
> to ship ASAP.   If they get a result that looks close, it's ready to
> deploy.   Never mind that the input is not checked, no consideration of
> overflow or nonsense input.

I just think the difference is marginal at best, if the outfit writing the
code is newbies then you get the same crap no matter what they use to code
it. I'll give you that it might help good programmers not make stupid
mistakes.

>   An exploitable shared function with a problem only if an app calls it.
> Furthermore, that function call would need to fall under the control of an
> external system or file.  No worse than some of the C or Windows Run Time
> Library exploits of 3-4 years ago that affected many apps.

No worse, no better? How about bigger target?

Geo.

--- BBBS/NT v4.01 Flag-5