What is the relationship between OOP and code security?

9

Is there any basis for thinking that an object-oriented programming style is safer than structural?

    
asked by anonymous 11.08.2015 / 04:00

1 answer

13

I'll answer the part that can be answered here. Listing attack forms, something that is changeable, does not get anywhere, and this type of response is not part of the site philosophy, as well as being too broad without context. Besides, this is mixing subjects and terms, so it would be difficult to answer everything. Here are some good sources about security, just search. To have real understanding you have to study the subject deeply.

There is no direct relationship between the programming paradigm and security. The security of access to memory and possibly data can influence it more directly. The way each one programs and the quality of the programmers influence it directly.

I have never seen a study that shows that there is an indirect relationship. Some people will say that OOP has made the code more organized, others will say that it made the code more complex. There may be some relationship but it is very fragile and difficult to measure objectively.

Taking the case of PHP, the improvement of security over time has more to do with bug fixes, better libraries, and possibly better information than with the introduction of OOP. There is a feature included in the language because of the object orientation that helped the security be better. It has never been the goal of the paradigm to do this.

Contract orientation can influence it indirectly, as this paradigm seeks more reliable code. Even so, it is indirect and very little. Security is dependent on many factors and no language or paradigm can help much. What it can do is provide more facilities for not committing certain types of error.

My experience is that anyone who programmed well and knew how to make the code safe continued to do this in the same way when programming object-oriented, or even continued with imperative programming. Those who did not know what they were doing and did not learn anything are either making code more confusing and insecure with object orientation, or it is the same thing. If it improved, it was because they were better informed.

In some cases OOP is used to give more flexibility, and this can open more doors to attacks. Depending on what you do, OOP can indirectly worsen security. But that is a huge "can", and even then it is indirect. It is that the paradigm has only made it easier to do something feared in another paradigm. I found a study that goes this way, proposing solutions. But almost nobody learns about these things, and people make mistakes.

To conclude, there is no cake recipe for anything in programming other than very simple and low-requirement things. In security there is even less. You have to understand all the basics of computing in depth, gain experience, be very attentive and disciplined, and, of course, know what to do in each situation. Usually a security specialist is hired when this really matters. Otherwise, you do your best and sort things out as needed.

    
11.08.2015 / 04:42