[plt-scheme] Why do folks implement statically typed languages?
On Thu, May 31, 2007 at 10:24:39AM -0700, Joe Marshall wrote:
> On 5/31/07, Matthias Felleisen <matthias at ccs.neu.edu> wrote:
> >
> >On May 31, 2007, at 11:46 AM, Noel Welsh wrote:
> >
> >> Just came across this:
> >>
> >> http://www.sans-ssi.org/top_three.pdf
> >>
> >> It lists the top 3 errors causing security holes. They are:
> >>
> >> 1. Using unvalidated user input.
> >> 2. Buffer overflow
> >> 3. "Handling integers incorrectly"
> >>
> >> The former could be solved with a static type system. It can also be
> >> addressed with dynamic checks with the usual tradeoffs.
> >
> >If you mean the 'first' I absolutely disagree. I bet that these are
> >all about 'parsing' in the sense of read-line strings or collecting
> >and consistency checking the status of GUI widgets.
>
> I've started to think that strings are a bad idea. People use strings
> *far* too often to hold the printed representation of some abstract
> data. A couple of
> primary examples are file names and urls. By keeping these objects as
> strings, you completely bypass any type checking. Strings are usually
> allowed to sail straight through any security layer (after all, they
> are `just' strings) without validation or authorization info. In most
> languages, strings are mutable, so it wouldn't matter if you *did*
> validate them --- they could be changed after the fact.
The ultimate way of avoiding type-checks -- static or dynamic -- while
appearing to be properly typed because they're implicit in the language.
>
> If I could figure out how to deal with free-form text without using
> strings, I'd ban them from the language right away.
>
> --
> ~jrm
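An added example, not part of the original thread: the point about file names held as strings, sketched as a dedicated immutable type that can only be obtained through validation and that the security layer insists on. `SafePath`, `ValidationError`, `open_for_read` and the `/srv/files` base directory are hypothetical names; the check is lexical only (symlinks are not resolved) and assumes POSIX paths.

```python
import os
from dataclasses import dataclass


class ValidationError(ValueError):
    """Raised when untrusted input does not name a file under the base directory."""


@dataclass(frozen=True)  # frozen: fields cannot be reassigned after validation
class SafePath:
    base: str      # absolute directory the caller is confined to
    relative: str  # validated, normalised path below base

    def __post_init__(self):
        # Runs on every construction, so no SafePath exists unvalidated.
        full = os.path.normpath(os.path.join(self.base, self.relative))
        if ("\x00" in self.relative or os.path.isabs(self.relative)
                or os.path.commonpath([self.base, full]) != self.base):
            raise ValidationError(f"rejected file name: {self.relative!r}")

    @classmethod
    def parse(cls, base, raw):
        """Turn untrusted text (str or a mutable byte buffer) into a SafePath."""
        if isinstance(raw, (bytes, bytearray)):
            raw = bytes(raw).decode("utf-8")  # private snapshot of the buffer
        base = os.path.abspath(base)
        full = os.path.normpath(os.path.join(base, raw))
        # The constructor re-checks the normalised form and rejects escapes.
        return cls(base, os.path.relpath(full, base))

    @property
    def full(self):
        return os.path.join(self.base, self.relative)


def open_for_read(path):
    """Security layer: bare strings do not get through, only SafePath values."""
    if not isinstance(path, SafePath):
        raise TypeError("expected SafePath, got " + type(path).__name__)
    return path.full  # stand-in for open(path.full); returns what would be opened
```

Because `parse` copies a byte buffer before checking it, later writes to the caller's buffer cannot alter the value that was validated.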