Programming/Scripting Resource

John Macdonald john-Z7w/En0MP3xWk0Htik3J/w at public.gmane.org
Thu Jan 11 17:36:19 UTC 2007


On Thu, Jan 11, 2007 at 10:34:43AM -0500, John Van Ostrand wrote:
> I don't think PHP is the problem. Its popularity combined with sloppy
> coding is the cause of the large number of exploits. The article even
> states this. Perhaps one can say that sloppy web coders choose PHP.
> 
> It would be nice if a language made it easy to program more securely.
> 
> Take one of the common exploits, SQL code injection. A programmer
> displays an HTML form, accepts data from it and uses that data in an SQL
> statement without checking.

I'm not sure if this is the same article that I saw, but
something like this SQL injection was referred to in the
article I saw.  The issue was that the PHP examples on the
official web site demonstrated the accept data and use it
without checking paradigm and did not mention that there
might be any danger in doing so.  *That* is a problem with
the language designers/promoters.  Treating security as an
afterthought final stage of programming guarantees that the
program will be insecure.  (As has been amply demonstrated
by Microsoft.)

> Aside from Perl (with non-default settings), what language helps to
> force the user to clean the data first?

AFAIK, Perl is the only language to have something like taint
mode built into the language to tag data that comes from
an insecure source and track its usage to ensure that only
sanitized pieces of that data ever get used in a context that
might have security implications (but there are probably LISP
variants that do, and perhaps others).  Since Perl is used
for far more things than running web scripts that interact
with potential attackers; the fact that taint mode is not the
default has reasonable justification.  Having to double the
length of one-liner scripts to turn off tainting would be a
significant imposition.  Perl does use taint mode by default
whenever it is run setuid - the circumstance that is clearly
always running with inputs from a source that is not the same
user as the program, and hence can be considered untrustworthy.

Java has some sort of sandboxing to provide security support
for running untrusted downloaded scripts - I don't know the
exact details.  Perl provides the Safe module to do that (but
it is probably impossible to do this perfectly safely without
adding so many restrictions as to make the downloaded script
incapable of doing anything of value - this is likely in the
same sort of range as the halting problem).  There are surely
other languages that try to provide sandboxing in some way.

-- 
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
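The taint-mode behaviour described in the reply above (external input is flagged, in-place scrubbing does not clear the flag, a regex capture is the sanctioned way to launder it, and a tainted value in system() is fatal), as an added Perl example that is not part of the original thread; the script name and the sample command-line inputs are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original thread.  Run:
#   perl -T taint_demo.pl alice 'bob; id'
use strict;
use warnings;
use Scalar::Util qw(tainted);

# -T also insists on a clean environment before any external command runs.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

die "usage: perl -T taint_demo.pl USERNAME...\n" unless @ARGV;

for my $raw (@ARGV) {
    print "input: $raw\n";
    # Everything that arrives from outside the program (@ARGV, %ENV, STDIN,
    # sockets, file reads) carries the taint flag.
    printf "  raw value tainted?       %s\n", tainted($raw) ? 'yes' : 'no';  # yes

    # Scrubbing in place does not clear the flag: Perl cannot judge whether
    # the scrub was adequate, so the result is still tainted.
    (my $scrubbed = $raw) =~ s/[^A-Za-z0-9_]//g;
    printf "  after s/// scrub:        %s\n", tainted($scrubbed) ? 'yes' : 'no';  # yes

    # Using tainted data where it can affect the outside world is fatal,
    # even in the list form of system() that never invokes a shell.
    eval { system('/bin/echo', '  echo via system():', $raw); 1 }
        or print "  system() refused tainted input: $@";

    # The sanctioned laundering path is a regex capture: the programmer must
    # state what a valid value looks like, and only the captured text is clean.
    my ($user) = $raw =~ /\A([A-Za-z0-9_]{1,32})\z/;
    if (!defined $user) {
        print "  rejected: not a plain username\n";
        next;
    }
    printf "  after regex capture:     %s\n", tainted($user) ? 'yes' : 'no';  # no
    system('/bin/echo', '  validated user:', $user);
}

# For the SQL case in the quoted post: DBI only performs taint checks when
# asked to at connect time (the TaintIn attribute), and the fix is the same
# in any language: bind values with placeholders, e.g. $sth->execute($user),
# rather than interpolating them into the statement text.
```

With the two constructed inputs, `alice` passes through all three checks and is echoed, while `bob; id` is refused by system() and then rejected by the capture.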