On Fri, Feb 8, 2013 at 9:32 PM, Andrew Grimm <[email protected]> wrote:
>
> Would I be correct in interpreting him as saying that the recent YAML
> exploits with Rails indicate a problem with Ruby, rather than just
> Rails? That in a more secure programming language, even if the web
> development framework stuffed up, the hackers wouldn't be able to
> execute arbitrary shell code?

This might not be what he's saying, but this is true. In a
Hindley-Milner typed language, your parsing function would have a type
String -> Maybe StructuredInput: it would either fail and return
Nothing, or succeed and return a value of the correct type. It would
not be able to read your database, install malware or print to the
screen, because they all require an IO annotation.

mark
--
A UNIX signature isn't a return address, it's the ASCII equivalent of a
black velvet clown painting. It's a rectangle of carets surrounding a
quote from a literary giant of weeniedom like Heinlein or Dr. Who.
-- Chris Maeda
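
The typed-parser argument in the reply above, as an added Haskell example that is not part of the original message. The StructuredInput definition, the key/value line format and the sample inputs are assumptions made for illustration; the Safe pragma is included because the guarantee only holds when escape hatches such as unsafePerformIO are ruled out.

```haskell
{-# LANGUAGE Safe #-}  -- Safe Haskell: rejects unsafePerformIO and similar escape hatches
module Main (main) where

import Data.Char (isAlphaNum, isSpace)

-- Hypothetical stand-in for the reply's StructuredInput: a flat list of
-- key/value pairs. No constructor means "instantiate an arbitrary class",
-- so input can only ever become plain data.
newtype StructuredInput = StructuredInput [(String, String)]
  deriving (Eq, Show)

-- Pure parser with the type from the reply. It can only inspect its
-- argument and build a value; it has no way to run an IO action.
parseInput :: String -> Maybe StructuredInput
parseInput =
  fmap StructuredInput . mapM parseLine . filter (not . all isSpace) . lines

-- One "key: value" line; any malformed line makes the whole parse Nothing.
parseLine :: String -> Maybe (String, String)
parseLine l =
  case break (== ':') l of
    (rawKey, ':' : rawVal)
      | validKey (trim rawKey) -> Just (trim rawKey, trim rawVal)
    _ -> Nothing
  where
    validKey k = not (null k) && all (\c -> isAlphaNum c || c == '_') k
    trim = dropWhile isSpace . reverse . dropWhile isSpace . reverse

main :: IO ()
main = do
  -- Constructed sample inputs, not taken from any real request.
  print (parseInput "name: alice\nrole: admin\n")
  -- A YAML-style type tag is kept as an inert string, never acted on.
  print (parseInput "note: !ruby/object:SomeClass\n")
  -- Malformed input is rejected as a value, not as a side effect.
  print (parseInput "no separator here")
  -- Adding the definition below is a compile-time type error: readFile
  -- returns IO String, and parseInput's result type contains no IO.
  --   leak :: String -> Maybe StructuredInput
  --   leak _ = readFile "secrets.txt" >> Nothing
```

The type constrains what the parser itself can do; code that later interprets the returned StructuredInput inside IO still has to treat its fields as untrusted data.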