On Tue, May 8, 2018 at 5:41 PM Canek Peláez Valdés <caneko@×××××.com> wrote:

> On Tue, May 8, 2018 at 4:33 PM <mad.scientist.at.large@××××××××.com> wrote:
> >
> > So are there currently any languages (currently in use/supported)
> > designed to avoid the problems with C and other languages?
> >
> > Something with strong types and provisions for automatic input
> > validation beyond typing, i.e. range limitation?
> >
> > Something that compiles, something that doesn't self optimize (math may
> > be good, but just like encryption the implementation can be
> > flawed/exploitable due to various errors). Because you can't validate a
> > moving target.
> >
> > Something that strongly isolates data from code, something that
> > protects the heap and stack aggressively (other than just OS implemented
> > mechanisms like stack canaries).
> >
> > Any suggestions? I'm going to be picking up programming again and I'd
> > greatly prefer spending my time using a language that has security built in
> > rather than depend on the application programmer adding protections after
> > the fact.
> >
> > I'll still have to learn C as well, so I can understand/modify
> > existing code but I'd like to be as proactive as possible about security
> > and reliability in what I write. And again, something that compiles. Not
> > specifically looking at writing web apps per se, though I'd also be
> > interested in any well secured/proactive languages for some internet/LAN
> > usage.

> I think Go and Rust would fit the bill.

Ada is the traditional example of this as well.

Most high-level languages avoid a lot of the issues with C since they do
their own memory management/etc. On the flip side a lot of them are not
statically typed which can cause all kinds of runtime issues. Languages
like Go/Rust/Ada which are statically typed but also which do their own
memory management are probably the best of all worlds. Then again, they can
also be more painful to work with.

I can't rigorously compare them. I know Rust tends to be intended to be
more suitable for systems programming (leaner/etc), and I believe Go tends
to handle concurrency/etc and seems to be very much in fashion for
general-purpose programming these days. I'm not sure how either compares
to Ada, which has been around for a long time.

--
Rich
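
The "range limitation" asked about in the quoted question, together with bounds-checked access and checked arithmetic, sketched in Rust as an added example that is not part of the original thread. `Percent`, `InputError`, `parse_percent`, `read_slot` and `scale` are hypothetical names chosen for illustration.

```rust
// Added illustration; all names here are hypothetical, not from the thread.

/// An integer limited to 0..=100. Ada states this in the type itself
/// (`subtype Percent is Integer range 0 .. 100;`); in Rust the same
/// guarantee comes from a private field plus a checked constructor.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Percent(u8);

#[derive(Debug, PartialEq)]
pub enum InputError {
    NotANumber,
    OutOfRange(i64),
}

impl Percent {
    pub fn new(v: i64) -> Result<Percent, InputError> {
        if (0..=100).contains(&v) {
            Ok(Percent(v as u8))
        } else {
            Err(InputError::OutOfRange(v))
        }
    }
    pub fn value(self) -> u8 {
        self.0
    }
}

/// Parse untrusted text; only values inside the range become a `Percent`.
pub fn parse_percent(s: &str) -> Result<Percent, InputError> {
    let n: i64 = s.trim().parse().map_err(|_| InputError::NotANumber)?;
    Percent::new(n)
}

/// Bounds-checked read: an index past the end yields `None`, never adjacent memory.
pub fn read_slot(buf: &[u8], idx: usize) -> Option<u8> {
    buf.get(idx).copied()
}

/// Checked arithmetic: overflow is reported as `None` instead of wrapping.
pub fn scale(total: u32, p: Percent) -> Option<u32> {
    total.checked_mul(u32::from(p.value())).map(|x| x / 100)
}

fn main() {
    // Constructed sample inputs.
    for s in ["42", "101", "-1", "abc"] {
        println!("{:>4} -> {:?}", s, parse_percent(s));
    }
    let buf = [10u8, 20, 30];
    println!("{:?} {:?}", read_slot(&buf, 2), read_slot(&buf, 3));
    println!("{:?}", scale(u32::MAX, Percent::new(100).unwrap()));
}
```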