Secure Coding mailing list archives
Re: Programming languages used for security
From: James Walden <jwalden () eecs utoledo edu>
Date: Sat, 10 Jul 2004 21:38:17 +0100
Wall, Kevin wrote: My vary reason for posing these questions is to see if there is any type of consensus at all on what mechanisms / features a language should and should not support WITH RESPECT TO SECURE PROGRAMMING. For example, you mentioned garbage collection. To that I would add things like strong static typing, encapsulation that can not be violated, very restrictive automatic type conversion (if allowed at all), closed "packages" or libraries or some other programming unit, elegant syntax and semanatics (oops, said I wouldn't go there ;-), etc. In the past few days (actually, all through my career), I've hear a lot of gripes about what people think is wrong regarding languages, but little in terms of what they think is valuable. Off the top of my head, I'd like some of the features you mentioned, like Garbage collection Static typing (with no auto conversions, but with type inferencing) Secure encapsulation I'd also add a rich set of data types, including: Numeric types with restrictions as Larry Kilgallen mentioned earlier and unlimited precision types Strings Lists Arrays (bounds-checked) Associative arrays (aka hashes) Unions (as in ocaml, not C, which will also provide enumerated and boolean types) Functions (first-class functions) XML (like Xen) I also want a taint checking feature like perl's, as a general purpose language has to communicate with external programs which don't share its data types, like web servers sending CGI parameter strings or databases receiving SQL query strings. As for syntax, I want to be able to use functional, imperative, or object-oriented techniques as best fit my problem domain. -- James Walden, Ph.D. Visiting Assistant Professor of EECS The University of Toledo @ LCCC http://www.eecs.utoledo.edu/~jwalden/ [EMAIL PROTECTED]
Current thread:
- Re: Programming languages used for security, (continued)
- Re: Programming languages used for security ljknews (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- RE: Programming languages used for security David Crocker (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security Dana Epp (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 10)
- RE: Programming languages used for security David Crocker (Jul 10)
- Re: Programming languages used for security der Mouse (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security ljknews (Jul 09)
- Re: Programming languages used for security der Mouse (Jul 10)
- Re: Programming languages used for security James Walden (Jul 10)