Alpheus Madsen

@vimishor

I don't see why security in a language context is necessarily wrong. Saying that it should only be done at the application level is like saying that memory management should only be done at the application level, and not the language level.

Indeed, although a bit rarer these days (since garbage collection has pretty much won, for most purposes) C and C++ advocates have often bashed Lisp, Java, Python, PHP, et al. precisely because you can't control how much memory you use at a given moment. However, manual memory management is a major source of bugs, including security holes, so deciding to use garbage collection is deciding that the language should take steps for better stability and even security.

Thus, doesn't it make sense to ask what else a language might be able to do to ensure security? (In the case of MySQL, we already have one answer: have special constructs that will automatically escape things for you when you enter data into the database. Even PHP has such structures, although they aren't available by default!)
