| 1 |
On Tue, May 8, 2018 at 5:41 PM Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 2 |
|
| 3 |
> On Tue, May 8, 2018 at 4:33 PM <mad.scientist.at.large@××××××××.com> |
| 4 |
wrote: |
| 5 |
> > |
| 6 |
> > So are there currently any languages (currently in use/supported) |
| 7 |
designed to avoid the problems with C and other languages? |
| 8 |
> > |
| 9 |
> > Something with strong types and provisions for automatic input |
| 10 |
validation beyond typing, i.e. range limitation? |
| 11 |
> > |
| 12 |
> > Something that compiles, something that doesn't self optimize (math may |
| 13 |
be good, but just like encryption the implementation can be |
| 14 |
flawed/exploitable due to various errors). Because you can't validate a |
| 15 |
moving target. |
| 16 |
> > |
| 17 |
> > something that strongly isolates data from code, something that |
| 18 |
protects the heap and stack aggressively (other than just os implemented |
| 19 |
mechanisms like stack canaries). |
| 20 |
> > |
| 21 |
> > Any suggestions? I'm going to be picking up programming again and I'd |
| 22 |
greatly prefer spending my time using a language that has security built in |
| 23 |
rather than depend on the application programmer adding protections after |
| 24 |
the fact. |
| 25 |
> > |
| 26 |
> > I'll still have to learn C as well, so I can understand/modify |
| 27 |
existing code but I'd like to be as proactive as possible about security |
| 28 |
and reliability in what I write. And again, something that compiles. Not |
| 29 |
specificly looking at writing web apps per say, though i'd also be |
| 30 |
interested in any well secured/proactive languages for some internet/LAN |
| 31 |
usage. |
| 32 |
|
| 33 |
> I think Go and Rust would fit the bill. |
| 34 |
|
| 35 |
|
| 36 |
Ada is the traditional example of this as well. |
| 37 |
|
| 38 |
Most high-level languages avoid a lot of the issues with C since they do |
| 39 |
their own memory management/etc. On the flip side a lot of them are not |
| 40 |
statically typed which can cause all kinds of runtime issues. Languages |
| 41 |
like Go/Rust/Ada which are statically typed but also which do their own |
| 42 |
memory management are probably the best of all world. Then again, they can |
| 43 |
also be more painful to work with. |
| 44 |
|
| 45 |
I can't rigorously compare them. I know Rust tends to be intended to be |
| 46 |
more suitable for systems programming (leaner/etc), and I believe Go tends |
| 47 |
to handle concurrency/etc and seems to be very much in fashion for |
| 48 |
general-purpose programming these days. I'm not sure how either compares |
| 49 |
to Ada, which has been around for a long time. |
| 50 |
|
| 51 |
-- |
| 52 |
Rich |
Archives