| 1 |
On Tue, May 8, 2018 at 4:33 PM <mad.scientist.at.large@××××××××.com> wrote: |
| 2 |
> |
| 3 |
> So are there currently any languages (currently in use/supported) |
| 4 |
designed to avoid the problems with C and other languages? |
| 5 |
> |
| 6 |
> Something with strong types and provisions for automatic input validation |
| 7 |
beyond typing, i.e. range limitation? |
| 8 |
> |
| 9 |
> Something that compiles, something that doesn't self optimize (math may |
| 10 |
be good, but just like encryption the implementation can be |
| 11 |
flawed/exploitable due to various errors). Because you can't validate a |
| 12 |
moving target. |
| 13 |
> |
| 14 |
> something that strongly isolates data from code, something that protects |
| 15 |
the heap and stack aggressively (other than just os implemented mechanisms |
| 16 |
like stack canaries). |
| 17 |
> |
| 18 |
> Any suggestions? I'm going to be picking up programming again and I'd |
| 19 |
greatly prefer spending my time using a language that has security built in |
| 20 |
rather than depend on the application programmer adding protections after |
| 21 |
the fact. |
| 22 |
> |
| 23 |
> I'll still have to learn C as well, so I can understand/modify existing |
| 24 |
code but I'd like to be as proactive as possible about security and |
| 25 |
reliability in what I write. And again, something that compiles. Not |
| 26 |
specificly looking at writing web apps per say, though i'd also be |
| 27 |
interested in any well secured/proactive languages for some internet/LAN |
| 28 |
usage. |
| 29 |
|
| 30 |
I think Go and Rust would fit the bill. |
| 31 |
|
| 32 |
Regards. |
| 33 |
-- |
| 34 |
Dr. Canek Peláez Valdés |
| 35 |
Profesor de Carrera Asociado C |
| 36 |
Departamento de Matemáticas |
| 37 |
Facultad de Ciencias |
| 38 |
Universidad Nacional Autónoma de México |
Archives