"A string is not a built-in data type in C, instead it
is termed a contiguous sequence of characters terminated by a
NULL character ('\0'). Now, many of the
“standard” string manipulation functions written in
the early part of C development took this definition to heart, assumed
that a programmer always knows what he is doing (though I agree
that this MUST be true), and put out code meant to be used in an
everyone-is-good world. Subsequently, the shortcomings were
noticed, stronger sibling functions were created but the older ones
are still supported because they are “standard”. This
means that naive programmers continue to use them and put their
programs’ security into jeopardy. This series will do an
in-depth analysis of such unsafe functions, tell you why they are
unsafe, and bring out what alternatives you have built in and what
alternatives you can create."