Re: [WEB SECURITY] Re: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
- From: Terrence Enger <tenger@xxxxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] Re: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
- Date: Wed, 16 Jul 2008 13:45:36 -0400
On Wed, 2008-07-16 at 20:07 +1000, silky wrote:
> On Wed, Jul 16, 2008 at 8:02 PM, Martin O'Neal
> <martin.oneal@xxxxxxxxxxxx> wrote:
> > > what financial institutions are
> > > using floating point and not decimal
> > > variables to represent their money?
> > > very few i'd guess. it hardly needs
> > > to be said that anyone using FP
> > > variables to do financial maths
> > > should be shot.
> >
> > LOL2; unfortunately you have guessed wrong. Do not pass go. Do not
> > collect ukp200. We see this kind of thing all the time in financial
> > applications.
>
> Well then you see some terribly-written financial apps. The ones I
> worked are not like this.
Programming routinely using fixed-point decimal arithmetic, I fail to
see why one would choose floating point. Still ... yup; seen 'em; even
had to match them.
I once delivered a program which had to report a money field "truncated
to the dollars". It came back for rework: "round to the penny, then
truncate to the dollar". Sigh.
> > Martin...
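
The two reporting rules mentioned in the message above, and the effect of holding the amount in a binary float first, as an added example that is not part of the original thread. The function names, the sample amounts and the choice of half-up rounding are assumptions made for illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

PENNY = Decimal("0.01")
DOLLAR = Decimal("1")


def truncate_to_dollar(amount: Decimal) -> Decimal:
    """Rule 1: drop everything after the decimal point."""
    return amount.quantize(DOLLAR, rounding=ROUND_DOWN)


def round_penny_then_truncate(amount: Decimal) -> Decimal:
    """Rule 2: round to the penny (half-up assumed), then truncate to the dollar."""
    pennies = amount.quantize(PENNY, rounding=ROUND_HALF_UP)
    return pennies.quantize(DOLLAR, rounding=ROUND_DOWN)


def as_held_in_float(text: str) -> Decimal:
    """Exact value a binary double stores for a decimal literal."""
    return Decimal(float(text))


def compare(text: str) -> dict:
    """Apply both rules to the decimal value, and rule 2 to the float-held value."""
    exact = Decimal(text)
    return {
        "truncate_decimal": truncate_to_dollar(exact),
        "round_then_truncate_decimal": round_penny_then_truncate(exact),
        "round_then_truncate_float": round_penny_then_truncate(as_held_in_float(text)),
    }


# Constructed sample amounts, chosen to sit on or near a rounding boundary.
SAMPLES = ["19.994", "19.995", "0.995", "2.50"]

if __name__ == "__main__":
    for text in SAMPLES:
        result = compare(text)
        flags = []
        if result["truncate_decimal"] != result["round_then_truncate_decimal"]:
            flags.append("rules differ")
        if result["round_then_truncate_decimal"] != result["round_then_truncate_float"]:
            flags.append("float differs from decimal")
        print(text, {k: str(v) for k, v in result.items()}, "; ".join(flags))
```

For 0.995 the double holds a value slightly below the literal, so the float-held amount rounds to 0.99 and reports 0 dollars where the decimal amount reports 1.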