1 |
On Tue, May 8, 2018 at 4:33 PM <mad.scientist.at.large@××××××××.com> wrote: |
2 |
> |
3 |
> So are there currently any languages (currently in use/supported) |
4 |
designed to avoid the problems with C and other languages? |
5 |
> |
6 |
> Something with strong types and provisions for automatic input validation |
7 |
beyond typing, i.e. range limitation? |
8 |
> |
9 |
> Something that compiles, something that doesn't self optimize (math may |
10 |
be good, but just like encryption the implementation can be |
11 |
flawed/exploitable due to various errors). Because you can't validate a |
12 |
moving target. |
13 |
> |
14 |
> something that strongly isolates data from code, something that protects |
15 |
the heap and stack aggressively (other than just os implemented mechanisms |
16 |
like stack canaries). |
17 |
> |
18 |
> Any suggestions? I'm going to be picking up programming again and I'd |
19 |
greatly prefer spending my time using a language that has security built in |
20 |
rather than depend on the application programmer adding protections after |
21 |
the fact. |
22 |
> |
23 |
> I'll still have to learn C as well, so I can understand/modify existing |
24 |
code but I'd like to be as proactive as possible about security and |
25 |
reliability in what I write. And again, something that compiles. Not |
26 |
specificly looking at writing web apps per say, though i'd also be |
27 |
interested in any well secured/proactive languages for some internet/LAN |
28 |
usage. |
29 |
|
30 |
I think Go and Rust would fit the bill. |
31 |
|
32 |
Regards. |
33 |
-- |
34 |
Dr. Canek Peláez Valdés |
35 |
Profesor de Carrera Asociado C |
36 |
Departamento de Matemáticas |
37 |
Facultad de Ciencias |
38 |
Universidad Nacional Autónoma de México |