[plt-scheme] Why do folks implement statically typed languages?
On 5/31/07, Matthias Felleisen <matthias at ccs.neu.edu> wrote:
>
> On May 31, 2007, at 11:46 AM, Noel Welsh wrote:
>
> > Just came across this:
> >
> > http://www.sans-ssi.org/top_three.pdf
> >
> > It lists the top 3 errors causing security holes. They are:
> >
> > 1. Using unvalidated user input.
> > 2. Buffer overflow
> > 3. "Handling integers incorrectly"
> >
> > The former could be solved with a static type system. It can also be
> > addressed with dynamic checks with the usual tradeoffs.
>
> If you mean the 'first' I absolutely disagree. I bet that these are
> all about 'parsing' in the sense of read-line strings or collecting
> and consistency checking the status of GUI widgets.
I've started to think that strings are a bad idea. People use strings
*far* too often to hold the printed representation of some abstract
data. A couple of
primary examples are file names and urls. By keeping these objects as
strings, you completely bypass any type checking. Strings are usually
allowed to sail straight through any security layer (after all, they
are `just' strings) without validation or authorization info. In most
languages, strings are mutable, so it wouldn't matter if you *did*
validate them --- they could be changed after the fact.
If I could figure out how to deal with free-form text without using
strings, I'd ban them from the language right away.
--
~jrm
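The design jrm describes, keeping a file name as a distinct type whose only constructor is the validation step, so that the type itself is the evidence that validation happened, as an added example (mine, not code from the thread or from PLT Scheme; Rust is used because it has the static types and default immutability the thread is discussing, and all names such as `SafeRelPath` and `PathError` are my own):

```rust
use std::path::{Component, Path, PathBuf};

/// A relative file path that has been checked: not absolute, no `..`
/// components, not empty. The field is private, so the only way to obtain
/// a value is `SafeRelPath::parse`; holding one proves the check ran.
/// Because there is no mutator, the value cannot be edited after the fact
/// (jrm's point about mutable strings defeating earlier validation).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SafeRelPath(PathBuf);

#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    Empty,
    Absolute,
    ParentDir,
}

impl SafeRelPath {
    /// Parse untrusted text into a validated path, or reject it.
    pub fn parse(raw: &str) -> Result<SafeRelPath, PathError> {
        let mut out = PathBuf::new();
        // `components()` already collapses `//` and interior `./`.
        for c in Path::new(raw).components() {
            match c {
                Component::Normal(seg) => out.push(seg),
                Component::CurDir => {}
                Component::ParentDir => return Err(PathError::ParentDir),
                Component::RootDir | Component::Prefix(_) => {
                    return Err(PathError::Absolute)
                }
            }
        }
        if out.as_os_str().is_empty() {
            return Err(PathError::Empty);
        }
        Ok(SafeRelPath(out))
    }

    pub fn as_path(&self) -> &Path {
        &self.0
    }
}

/// The signature says it all: this function cannot be handed a raw string,
/// so the unvalidated-input case is a compile error rather than a runtime hole.
pub fn resolve_under_base(base: &Path, p: &SafeRelPath) -> PathBuf {
    base.join(p.as_path())
}

fn main() {
    // Constructed sample inputs, not taken from any real system.
    let base = Path::new("/srv/files");
    for raw in ["./docs//report.txt", "../etc/passwd", "/etc/passwd", "."] {
        match SafeRelPath::parse(raw) {
            Ok(p) => println!("{raw:?} -> {}", resolve_under_base(base, &p).display()),
            Err(e) => println!("{raw:?} -> rejected: {e:?}"),
        }
    }
}
```

The useful property is in the signature of `resolve_under_base`: a caller cannot pass a `&str` to it, so forgetting to validate is a type error, not a bug found in production. Contrast this with a `fn resolve(base: &Path, raw: &str)` that relies on every caller remembering to check.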