Re: Security
- From: Jeronimo Pellegrini <jpn@xxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 10:43:41 +0100 (CET)
On 2008-01-31, Steve-o <stknig@xxxxxxxxxxxxxx> wrote:
> Does anyone have any specific pointers on how to write more secure
> code in Common Lisp? For instance, with C/C++ programs you have to
> be careful not to allow buffer overruns to occur. But I can't see
> how this could be a problem in Lisp.

I suppose all secure programming issues are potentially there... No?
- Integer overflow (if you use fixnums, double-floats, or other
  fixed-size numbers)
- SQL injection
- Cross site scripting, if it's a web application
- Although with (safety 1) you can't really crash the application,
  you can have buffer overflows and also crash your Lisp image
  with (safety 0). So, maybe "not using (safety 0) for code that will
  handle non-validated input" should be added to the list
  (most people will tell you to not use (safety 0) at all)
- Race conditions
Just my 0.02
J.
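
The (safety 0) item above, as an added example that is not part of the original post: a routine compiled without checks sits behind a wrapper compiled at (safety 1) that validates everything coming from outside. The function names, the record size and the sample buffer are hypothetical and constructed for illustration.

```lisp
;;; Added example; SUM-RECORD, SUM-RECORD/UNSAFE and +RECORD-SIZE+ are
;;; hypothetical names, not code from the thread.

(defconstant +record-size+ 16)

(deftype octets () '(simple-array (unsigned-byte 8) (*)))

;; Inner routine: with (safety 0) an implementation may omit the bounds
;; check on AREF and trust the type declarations without verifying them.
;; A bad OFFSET then reads outside BUF (or crashes the image) instead of
;; signaling an error, so this must never see non-validated input.
(defun sum-record/unsafe (buf offset)
  (declare (optimize (speed 3) (safety 0))
           (type octets buf)
           (type fixnum offset))
  (let ((sum 0))
    (declare (type fixnum sum))
    (dotimes (i +record-size+ sum)
      (incf sum (aref buf (+ offset i))))))

;; Boundary: compiled with checks on, and every externally supplied
;; value is validated before the unchecked code runs.
(defun sum-record (buf offset)
  (declare (optimize (safety 1)))
  (check-type buf octets)
  (check-type offset (integer 0))
  ;; The whole record must fit; this also bounds OFFSET to a fixnum,
  ;; which is what the inner routine's declaration promises.
  (unless (<= (+ offset +record-size+) (length buf))
    (error "Record at offset ~D does not fit in a buffer of length ~D."
           offset (length buf)))
  (sum-record/unsafe buf offset))

;; Constructed sample input: a 32-octet buffer.
(let ((buf (make-array 32 :element-type '(unsigned-byte 8)
                          :initial-element 1)))
  (print (sum-record buf 16))              ; record fits exactly
  (print (handler-case (sum-record buf 17) ; one octet too far
           (error (e) (format nil "rejected: ~A" e)))))
```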