From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,158ce2376534c35d X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news2.google.com!news3.google.com!feeder3.cambriumusenet.nl!feed.tweaknews.nl!193.201.147.78.MISMATCH!feeder.news-service.com!feeder.erje.net!nuzba.szn.dk!news.jacob-sparre.dk!pnx.dk!jacob-sparre.dk!ada-dk.org!.POSTED!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: Derived private interface Date: Thu, 28 Jul 2011 18:24:38 -0500 Organization: Jacob Sparre Andersen Research & Innovation Message-ID: References: <27656578-65aa-48b9-9f89-4ebd4e0cb02a@glegroupsg2000goo.googlegroups.com> <0fe3b0f8-c064-444d-899d-640e891b58c3@w4g2000yqm.googlegroups.com> <128d8eb5-1cc6-47e3-a09b-b53a5ef289ce@m10g2000yqd.googlegroups.com> <4e141501$0$6629$9b4e6d93@newsspool2.arcor-online.net> <4b2728fc-6127-45d8-a314-9fc491701c26@g12g2000yqd.googlegroups.com> <82vcve4bqx.fsf@stephe-leake.org> <4e15b223$0$6541$9b4e6d93@newsspool4.arcor-online.net> NNTP-Posting-Host: static-69-95-181-76.mad.choiceone.net X-Trace: munin.nbi.dk 1311895479 14972 69.95.181.76 (28 Jul 2011 23:24:39 GMT) X-Complaints-To: news@jacob-sparre.dk NNTP-Posting-Date: Thu, 28 Jul 2011 23:24:39 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-RFC2646: Format=Flowed; Original X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6109 Xref: g2news2.google.com comp.lang.ada:21376 Date: 2011-07-28T18:24:38-05:00 List-Id: "Maciej Sobczak" wrote in message news:b0633538-6038-4167-860f-65ee9e7cddcc@k9g2000yqf.googlegroups.com... On Jul 27, 1:43 am, Jeffrey Carter wrote: ... >> for the significant improvement in ease of reading and >> understanding that results. > >Did you try that with web servers? Fasinating. While I agree with most of your points, it is interesting that the web server that runs the AdaIC archive site, the ada-auth.org site, the search engine for the RM, and RR Software's web site (which is an all-Ada design based on Claw's socket library) uses very little OOP. The only OOP in it is in the low-level socket operations, mainly because Claw sockets are an OOP design. But all of the high-level stuff is implemented as a table-driven approach (special handling, domain roots, and the like are all described in data form), and the specialty handlers (like the search engine) are all called from case statements driven from those data tables. The design was driven by an extra-paranoid approach to security: if the server had any way for a URL to execute foreign code (a plug-in), then it is highly likely that an attacker would find a way to use buggy URL to execute some foreign code of their choice. Thus the ability to execute foreign code is not provided at all -- all handlers have to compiled into the web server. (Combined with Ada's near prevention of buffer overflows and stack attacks, the two most common vectors of the time were firmly plugged. Of course, traversal prevention and sanitization of parameters still have to be accomplished -- there is no silver bullet to security.) Once you've done that, there isn't much benefit to an OOP approach, since you have to enumerate all of the handlers somewhere in any case. Randy.