[WEB SECURITY] RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
Martin O'Neal
martin.oneal at corsaire.com
Wed Jul 16 06:02:43 EDT 2008
> this is fairly stupid.
LOL; more stupid than vacuous name calling, or less?
> what financial institutions are
> using floating point and not decimal
> variables to represent their money?
> very few i'd guess. it hardly needs
> to be said that anyone using FP
> variables to do financial maths
> should be shot.
LOL2; unfortunately you have guessed wrong. Do not pass go. Do not
collect ukp200. We see this kind of thing all the time in financial
applications.
> your last recommendation for c# is
> wrong. == is fine for numbers. your
> test above even proves it!
Er, obviously you have become confused due to the ambiguity of the bit
where it says "This type of caching does not exist in C# as can be seen
from the equivalent code example".
Thanks for the constructive criticism though.
Martin...