[plt-scheme] Why do folks implement statically typed languages?

From: Shriram Krishnamurthi (sk at cs.brown.edu)
Date: Thu May 31 13:32:25 EDT 2007

Not type systems, but program analyses.  See the work by Zhendong Su,
Alessandro Orso, and others.

S.

On 5/31/07, Richard Cobbe <cobbe at ccs.neu.edu> wrote:
> On Thu, May 31, 2007 at 04:46:52PM +0100, Noel Welsh wrote:
> >  Just came across this:
> >
> >   http://www.sans-ssi.org/top_three.pdf
> >
> >  It lists the top 3 errors causing security holes.  They are:
> >
> >  1. Using unvalidated user input.
> >  2. Buffer overflow
> >  3. "Handling integers incorrectly"
> >
> >  The former could be solved with a static type system.  It can also be
> >  addressed with dynamic checks with the usual tradeoffs.
>
> Are there static type systems that can protect against, e.g., SQL
> injection?
>
> Richard


Posted on the users mailing list.