From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,158ce2376534c35d
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news2.google.com!news.glorb.com!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail
From: Simon Wright <simon@pushface.org>
Newsgroups: comp.lang.ada
Subject: Re: Derived private interface
Date: Fri, 29 Jul 2011 07:45:48 +0100
Organization: A noiseless patient Spider
Message-ID: <m2sjpp4mar.fsf@pushface.org>
References: 
 <27656578-65aa-48b9-9f89-4ebd4e0cb02a@glegroupsg2000goo.googlegroups.com>
	<0fe3b0f8-c064-444d-899d-640e891b58c3@w4g2000yqm.googlegroups.com>
	<128d8eb5-1cc6-47e3-a09b-b53a5ef289ce@m10g2000yqd.googlegroups.com>
	<4e141501$0$6629$9b4e6d93@newsspool2.arcor-online.net>
	<4b2728fc-6127-45d8-a314-9fc491701c26@g12g2000yqd.googlegroups.com>
	<82vcve4bqx.fsf@stephe-leake.org>
	<4e15b223$0$6541$9b4e6d93@newsspool4.arcor-online.net>
	<iv7lg9$lur$1@munin.nbi.dk> <iv80lh$n8m$1@tornado.tornevall.net>
	<j0cvcr$l2f$1@munin.nbi.dk> <j0e0l1$5qh$1@tornado.tornevall.net>
	<j0na4g$ppi$1@munin.nbi.dk> <j0nmqd$voi$1@tornado.tornevall.net>
	<b0633538-6038-4167-860f-65ee9e7cddcc@k9g2000yqf.googlegroups.com>
	<j0sr3n$ejs$1@munin.nbi.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: mx04.eternal-september.org;
 posting-host="dFCm8HWntFqmDIilBLqEJQ";
	logging-data="6126"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX1+8kWYkT4nVEi141BCAaJaFxDcsk9/ODmA="
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (darwin)
Cancel-Lock: sha1:XEQ6W6y/PSpms4SdsNupYzKrR7Q=
	sha1:ja2xOchnyAVyeNtXGcmJSSUBJhM=
Xref: g2news2.google.com comp.lang.ada:21379
Date: 2011-07-29T07:45:48+01:00
List-Id: <comp.lang.ada>

"Randy Brukardt" <randy@rrsoftware.com> writes:

> The design was driven by an extra-paranoid approach to security: if
> the server had any way for a URL to execute foreign code (a plug-in),
> then it is highly likely that an attacker would find a way to use
> buggy URL to execute some foreign code of their choice. Thus the
> ability to execute foreign code is not provided at all -- all handlers
> have to compiled into the web server.  (Combined with Ada's near
> prevention of buffer overflows and stack attacks, the two most common
> vectors of the time were firmly plugged. Of course, traversal
> prevention and sanitization of parameters still have to be
> accomplished -- there is no silver bullet to security.) Once you've
> done that, there isn't much benefit to an OOP approach, since you have
> to enumerate all of the handlers somewhere in any case.

Interesting. I'd have thought that "implementing the server using OOP"
and "not providing plugin facilities" were quite separate things. The
OOP approach could, I suppose, be thought of as a way to provide you
(Randy) with plugin facilities, but not attackers!