[CLUE-Tech] Web script languages and safety
Dale K. Hawkins
dhawkins at cdrgts.com
Tue Aug 12 18:17:33 MDT 2003
I was pondering the discussion about making web accessible programs
cracker-proof. This make me think about a program which I was working
on in my current pet language, ruby. There was some excellent
information on "locking ruby in the safe" which is all about disabling
the execution of the "tainted" data from the web. I was wonder what
sort of safe-guards are offered by the various other languages out
there when attempting to make code hacker resistant.
I can get the ball rolling by offing that C/C++ do not do squat to
protect your valuables. :-)
I also know, for example, that PHP had a pretty serious vulnerability
WRT to web supplied variables.
Is there a good general method to lock-down programs via some external
utility such as a chroot jail or an even stronger means?
-Dale
More information about the clue-tech
mailing list