From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,ac4955b8006bd13c X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,ASCII-7-bit Received: by 10.68.220.230 with SMTP id pz6mr10793148pbc.3.1338822994814; Mon, 04 Jun 2012 08:16:34 -0700 (PDT) Path: l9ni20487pbj.0!nntp.google.com!news1.google.com!goblin2!goblin.stu.neva.ru!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Q: type ... is new String Date: Mon, 4 Jun 2012 17:14:49 +0200 Organization: cbb software GmbH Message-ID: References: <82defba0-2d39-4418-b678-ebbefeb105d7@x21g2000vbc.googlegroups.com> <4fcccd1f$0$6583$9b4e6d93@newsspool3.arcor-online.net> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: FbOMkhMtVLVmu7IwBnt1tw.user.speranza.aioe.org Mime-Version: 1.0 X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Date: 2012-06-04T17:14:49+02:00 List-Id: On Mon, 04 Jun 2012 16:58:38 +0200, Georg Bauhaus wrote: > On 04.06.12 15:36, Maciej Sobczak wrote: > >> I agree that most of the security problems that >> plague the web-development ecosystem could be solved with a proper >> type system and static type-safety. > > To illustrate a problem, web programming is almost always confronting > I/O of untyped "text": of implicit, ambiguous, indeterminable, > inconsistent, wrong encoding. There is no perfect way to prevent > exception raising effects, remember that most systems are layered, > and disconnected. Basic AI is needed to make educated guesses about > to the meaning of octet sequences. > > Any complaint about malformed output at the other end is likely > justified, but useless: "We *must* have the data. Do your best!" malformed /= untyped. Typing is about a way to describe behavior. Anything you can do in an untyped way you can do typed and conversely, since both is Turing complete. Malformed, but legal input must be parsed and mapped onto a set of properly typed objects. Where is a problem? Miserable state of internet standards is not directly related to the pitiful methods of programming usual to internet applications. Though both may be consequences of same attitude to software design. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de