It's Time to Abandon Insecure Languages

Pete Chown Pete.Chown at skygate.co.uk
Thu Jul 18 14:18:49 EDT 2002


> eWEEK July 8, 2002
> It's Time to Abandon Insecure Languages

> The security of the internet took a one-two combo to the gut ...

Ugh, looks like the English language did too. :-)

> These holes
> demonstrate that we must switch to writing security-sensitive code in
> managed environments, like the Java virtual machine or .Net run-time, that
> continually enforce code/data distinctions.

This is nonsense; you don't need a managed environment to get type
safety.  Pascal was being compiled ahead of time for years before Java
was ever thought of.  (You can break type safety in Pascal, but you have
to make an effort.)

If you want totally type safe languages that use ahead of time
compilation, look at Eiffel, Sather, the Bigloo Scheme compiler, and so
on.  Also don't forget gcj, which does ahead of time compilation for
Java with the same type checking that you get in the "managed
environment".

> We have to get over the bias that there's something dishonorable about
> choosing languages that prize safety over pure efficiency.

This I can agree with.  On the other hand I don't see Java as a language
that emphasises safety.  It may have type checking, but it has inherited
a lot of obscure syntax from C.  Remember, we aren't just interested in
avoiding type errors.  We have to reduce the overall bug counts, because
there are plenty of security holes that don't result from typing
problems.

It would be better to look at Eiffel (or Ada if you really must, but
personally I don't like it).  Eiffel has a Pascal-like syntax which is
more verbose than Java, but more readable.  You have to type a bit more,
but you don't waste hours debugging because you wrote "=" instead of
"==".  It has a few other special features to help you write bug-free
code.  For example, statement blocks can be annotated with conditions
that are supposed to be true on entry and exit.  This is supposed to
enforce a "programming by contract" mentality.

Perl-style tainting would be an interesting thing to add to another
language.  IMHO, Perl is not a good safe language because its syntax is
even more obscure than C's.  (It does have the advantage of being almost
completely type safe though.)  Tainting is a good security measure,
though, which would be good in a language like Eiffel.

-- 
Pete
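
The Perl-style tainting mentioned in the message above, modelled in another language (Python) as an added example that is not part of the original post. `Tainted`, `untaint` and `report_argv` are hypothetical names, the sink only builds an argument list, and the inputs in the comments are constructed.

```python
import re

class TaintError(Exception):
    """Raised when tainted data reaches a sensitive operation."""

class Tainted(str):
    """String that originated outside the program (models Perl's taint flag)."""
    def __add__(self, other):       # tainted + anything -> tainted
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):      # anything + tainted -> tainted
        return Tainted(str.__add__(other, self))

def _propagate(name):
    plain = getattr(str, name)
    def method(self, *args, **kwargs):
        return Tainted(plain(self, *args, **kwargs))
    return method

# Strings derived from tainted data stay tainted. Only these operations are
# covered here (f-strings, join, etc. are not); Perl tracks taint inside the
# interpreter so that nothing is missed.
for _name in ("strip", "lower", "upper", "replace", "__getitem__"):
    setattr(Tainted, _name, _propagate(_name))

def untaint(value, pattern):
    """Perl's rule: only text captured by a regex match is trusted.
    `pattern` must contain one capture group describing acceptable input."""
    m = re.fullmatch(pattern, value)
    if m is None:
        raise TaintError(f"input rejected by {pattern!r}")
    return str(m.group(1))          # plain str: taint flag cleared

SAFE_NAME = r"([A-Za-z0-9_.-]+)"    # assumed allow-list for file names

def report_argv(filename):
    """Sensitive sink (hypothetical): refuses tainted data in a command line."""
    if isinstance(filename, Tainted):
        raise TaintError("tainted data reached a command argument")
    return ["wc", "-l", filename]

# Typical use, with constructed input:
#   raw  = Tainted("notes.txt")               # e.g. read from a request
#   argv = report_argv(untaint(raw, SAFE_NAME))
```

As in Perl, forgetting to validate fails closed: the sink raises instead of running with unchecked input.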

---------------------------------------------------------------------
The Cryptography Mailing List