> To get REALLY back to the point, I'd like to comment on Fabien's comment
> that "In my opinion, it's the most important things for a languages,
> something to easily validate user input or to encrypt password are a must
> have."  Fabien is right, but increasingly that's only half the problem.
> There also needs to be something in the libraries for the language to
> securely store data that can't be one-way hashed, as are (inbound)
> passwords.  For example, if I need to store the password my application
> needs to authenticate to a database, or other critical data, it would be
> nice to have that built into the language libraries, instead of having to
> build it myself.  It would certainly reduce the number of programmers who
> build such storage mechanisms themselves, and insecurely at that.

I'm really glad to see this point raised.  I really have very little
interest in the "which language" debate, because most of the software I see
depends so heavily on *libraries*.  The real genius of Java in my opinion is
that they slapped a standard API on top of just about everything (graphics,
databases, networking, phone systems, microplatforms, crypto, and much
more). Some other languages have also been successful here in a somewhat
less standardized way.

But just slapping an API on something is not the same as making it easy to
use securely. Java's JCE is a perfect case in point - they encrypted the API
itself! ;-) To me, it's far more important that the libraries are easy to
use securely than language syntax stuff. So how do we encourage library
writers to write APIs that are easy to use securely?

I'd like to see libraries that force the developer to explicitly do
something special if they want to get around the default secure way of doing
things.  It's not enough to just include a bunch of security features into
the libraries.  I've seen far too many libraries that expose a very powerful
API and make it too easy for a developer to make security mistakes.

Does anyone have pointers to articles on designing API's so that they are
easy to use securely?


Jeff Williams
Aspect Security

Reply via email to