Communications of the ACM
How Safe Are Perl, Php, and Ruby? The Experts Weigh In
The biggest names in PHP, Perl, and Ruby speak up about what's safe--and not--in their languages.
Credit: Thinkstock
The new Mozilla-developed programming language Rust is being touted for its intrinsic security, a claim that is very attractive in the wake of major vulnerabilities such as Heartbleed. However, when it comes to programming languages, security is very often a function of how security-minded a given programmer is.
Many developers of programming languages are quick to defend the security of their language. Larry Wall, the inventor of Perl, says his language includes many features that make it difficult for vulnerabilities to manifest themselves, and is easily upgradeable so vulnerabilities can quickly be patched. Zeev Suraski, chief technology officer of PHP development toolmaker Zend, says PHP also has measures that make it secure, but admits they do not guarantee against vulnerabilities, which tend to manifest in accessing end-user data and database queries. Ruby's creator Yukihiro Matsumoto says the language is more secure than C, but Ruby's biggest security issues occur when it is used imperfectly, in particular in the ways the code interacts with other data.
Ultimately, the relative security of one programming language over another is no guarantee and programmers must still be diligent in ensuring the code they write is secure.
From InfoWorld
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found