From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Derived private interface
Date: Fri, 29 Jul 2011 19:04:17 -0500
Organization: Jacob Sparre Andersen Research & Innovation

"Simon Wright" wrote in message news:m2sjpp4mar.fsf@pushface.org...
> "Randy Brukardt" writes:
>
>> The design was driven by an extra-paranoid approach to security: if
>> the server had any way for a URL to execute foreign code (a plug-in),
>> then it is highly likely that an attacker would find a way to use
>> a buggy URL to execute some foreign code of their choice. Thus the
>> ability to execute foreign code is not provided at all -- all handlers
>> have to be compiled into the web server. (Combined with Ada's near
>> prevention of buffer overflows and stack attacks, the two most common
>> vectors of the time were firmly plugged. Of course, traversal
>> prevention and sanitization of parameters still have to be
>> accomplished -- there is no silver bullet to security.) Once you've
>> done that, there isn't much benefit to an OOP approach, since you have
>> to enumerate all of the handlers somewhere in any case.
>
> Interesting. I'd have thought that "implementing the server using OOP"
> and "not providing plugin facilities" were quite separate things. The
> OOP approach could, I suppose, be thought of as a way to provide you
> (Randy) with plugin facilities, but not attackers!

The root of the problem is that Ada 95 had no way to create a factory short of writing a giant case statement. That's annoying but OK if you have a complex interface with many operations to implement. However, the web server only has a single interface ("here's a URL and a socket, write the result to the socket"). So there is no advantage to having a separate case statement in the factory - that would just add complexity. (The output to the socket has many helper routines in order to make it easier to write the correct formats, but in any case the output is nearly free-form text and there is no obvious advantage to any extensions there.)

Even in Ada 2005 (which has somewhat better support for factories), you still have to "with" all of the units involved. It isn't much harder to write calls into a case statement (especially given the simplicity of the interface).

The dynamic is different if the interface is more complex. For instance, the output modules of the ARM formatter program are based on an OOP-design (these output in various formats: RTF, HTML, plain text, etc.). For that, there is a case statement in the main program to select which output format is desired. But the interface has a significant number of routines to deal with output formatting, particularly of graphics and tables. Having to maintain 50 case statements would not be anywhere near as clean as the OOP design.

Randy.
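
The design discussed in the post above, sketched as an added example that is not part of the post and is not code from the web server it describes: every handler is compiled in and selected by one case statement over a closed enumeration, with the traversal check applied before routing. All names, paths and response strings are hypothetical, and standard output stands in for the socket.

```ada
with Ada.Text_IO;       use Ada.Text_IO;
with Ada.Strings.Fixed; use Ada.Strings.Fixed;

procedure Static_Dispatch is

   --  Closed set of handlers. Adding one means editing this type and the
   --  case statement in Serve, then recompiling: nothing is loaded at run time.
   type Handler_Kind is (Home_Page, Status_Page, Static_File, Rejected);

   Static_Prefix : constant String := "/static/";

   --  Constructed routing rules (hypothetical paths).
   function Classify (URL : String) return Handler_Kind is
   begin
      if Index (URL, "..") /= 0 then
         return Rejected;              --  traversal check comes before routing
      elsif URL = "/" then
         return Home_Page;
      elsif URL = "/status" then
         return Status_Page;
      elsif URL'Length > Static_Prefix'Length
        and then Head (URL, Static_Prefix'Length) = Static_Prefix
      then
         return Static_File;
      else
         return Rejected;              --  unknown URLs never reach a handler
      end if;
   end Classify;

   --  The single interface: a URL in, a response out.
   procedure Serve (URL : String) is
   begin
      --  No "others" branch: the compiler rejects this case statement if a
      --  Handler_Kind literal is added without a branch here.
      case Classify (URL) is
         when Home_Page   => Put_Line ("200 home page");
         when Status_Page => Put_Line ("200 status page");
         when Static_File =>
            Put_Line ("200 file " & Tail (URL, URL'Length - Static_Prefix'Length));
         when Rejected    => Put_Line ("404 not found");
      end case;
   end Serve;

begin
   Serve ("/");
   Serve ("/status");
   Serve ("/static/logo.png");
   Serve ("/static/../secret.txt");   --  rejected by the traversal check
   Serve ("/no-such-handler");        --  rejected: no routing rule matches
end Static_Dispatch;
```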