From: Simon Wright <simon@pushface.org>
Subject: Re: Derived private interface
Date: Fri, 29 Jul 2011 07:45:48 +0100
Date: 2011-07-29T07:45:48+01:00 [thread overview]
Message-ID: <m2sjpp4mar.fsf@pushface.org> (raw)
In-Reply-To: j0sr3n$ejs$1@munin.nbi.dk
"Randy Brukardt" <randy@rrsoftware.com> writes:
> The design was driven by an extra-paranoid approach to security: if
> the server had any way for a URL to execute foreign code (a plug-in),
> then it is highly likely that an attacker would find a way to use
> buggy URL to execute some foreign code of their choice. Thus the
> ability to execute foreign code is not provided at all -- all handlers
> have to compiled into the web server. (Combined with Ada's near
> prevention of buffer overflows and stack attacks, the two most common
> vectors of the time were firmly plugged. Of course, traversal
> prevention and sanitization of parameters still have to be
> accomplished -- there is no silver bullet to security.) Once you've
> done that, there isn't much benefit to an OOP approach, since you have
> to enumerate all of the handlers somewhere in any case.
Interesting. I'd have thought that "implementing the server using OOP"
and "not providing plugin facilities" were quite separate things. The
OOP approach could, I suppose, be thought of as a way to provide you
(Randy) with plugin facilities, but not attackers!
next prev parent reply other threads:[~2011-07-29 6:45 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-05 3:14 Derived private interface Rego, P.
2011-07-05 5:10 ` AdaMagica
2011-07-06 2:24 ` Rego, P.
2011-07-06 4:34 ` AdaMagica
2011-07-06 7:55 ` Georg Bauhaus
2011-07-06 8:30 ` AdaMagica
2011-07-06 12:59 ` Georg Bauhaus
2011-07-06 13:23 ` AdaMagica
2011-07-06 19:06 ` Randy Brukardt
2011-07-06 13:28 ` Simon Wright
2011-07-06 19:45 ` Randy Brukardt
2011-07-06 22:05 ` Georg Bauhaus
2011-07-06 23:56 ` Adam Beneschan
2011-07-07 14:09 ` Georg Bauhaus
2011-07-07 15:10 ` Adam Beneschan
2011-07-08 4:29 ` AdaMagica
2011-07-08 19:08 ` Randy Brukardt
2011-07-08 19:12 ` Randy Brukardt
2011-07-07 15:19 ` Georg Bauhaus
2011-07-07 10:37 ` Stephen Leake
2011-07-07 13:18 ` Georg Bauhaus
2011-07-08 19:23 ` Randy Brukardt
2011-07-08 21:41 ` Jeffrey Carter
2011-07-09 6:14 ` Dmitry A. Kazakov
2011-07-22 22:59 ` Randy Brukardt
2011-07-23 7:30 ` Jeffrey Carter
2011-07-23 9:29 ` Maciej Sobczak
2011-07-23 10:07 ` Dmitry A. Kazakov
2011-07-26 21:04 ` Randy Brukardt
2011-07-26 23:43 ` Jeffrey Carter
2011-07-27 23:56 ` Randy Brukardt
2011-07-28 0:18 ` Jeffrey Carter
2011-07-28 10:06 ` Maciej Sobczak
2011-07-28 23:24 ` Randy Brukardt
2011-07-29 6:45 ` Simon Wright [this message]
2011-07-30 0:04 ` Randy Brukardt
2011-07-30 6:32 ` Simon Wright
2011-08-01 9:30 ` Alex R. Mosteo
2011-08-01 10:12 ` Dmitry A. Kazakov
2011-08-01 21:56 ` Randy Brukardt
2011-08-02 10:03 ` Dmitry A. Kazakov
2011-08-02 21:16 ` Randy Brukardt
2011-08-03 9:01 ` Dmitry A. Kazakov
2011-08-03 20:16 ` Randy Brukardt
2011-08-04 8:15 ` Dmitry A. Kazakov
2011-08-09 21:10 ` Maciej Sobczak
2011-08-09 21:35 ` Randy Brukardt
2011-08-10 9:11 ` Dmitry A. Kazakov
2011-08-10 21:56 ` Randy Brukardt
2011-08-11 8:07 ` Dmitry A. Kazakov
2011-08-12 4:52 ` Randy Brukardt
2011-08-12 8:54 ` Dmitry A. Kazakov
2011-08-10 10:07 ` Maciej Sobczak
2011-08-10 11:26 ` Georg Bauhaus
2011-08-10 22:27 ` Randy Brukardt
2011-08-10 22:21 ` Randy Brukardt
2011-08-11 13:50 ` Maciej Sobczak
2011-08-12 4:43 ` Randy Brukardt
2011-08-12 7:00 ` Maciej Sobczak
2011-08-12 21:59 ` Randy Brukardt
2011-07-06 15:06 ` Adam Beneschan
2011-07-06 16:36 ` Dmitry A. Kazakov
2011-07-06 19:20 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox