Subject: Re: security for netbsd as web server
To: matthew sporleder <msporleder@gmail.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 03/25/2005 22:06:50
In message <b0459d5c050325182733f29e48@mail.gmail.com>, matthew sporleder writes:
>Is this newspeak that only allows strictly defined sql's across the
>link in existence, or is it just theory?
>

As I noted originally:
>> 
>>   Don't speak anything as
>> powerful as sql over that link; instead, it should be a very
>> narrowly-defined application-specific language.  My usual term for that
>> language is "newspeak", named after Orwell's 1984: the language where
>> it was impossible to think a disloyal thought.  Here, it should be a
>> language where you can't utter an insecure thought. 

It's application-specific.  I don't think it's possible to write a 
general language to do this, and design of the particular one is an art.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
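
An added illustration of the idea in the message above, not code from the message or its author: a backend gatekeeper for a constructed shop application that accepts only two fixed request forms over the link and maps each to one fixed, parameterized statement. The verbs, table, field patterns and length limit are all assumptions made for this example.

```python
import re
import sqlite3

# Hypothetical "newspeak": each verb has a fixed, ordered field list, and
# every field must fully match a strict ASCII pattern. Nothing else parses.
ID = re.compile(r"[0-9]{1,9}")
QTY = re.compile(r"[1-9][0-9]?")
GRAMMAR = {
    "ORDER_STATUS": ({"id": ID}, "SELECT status FROM orders WHERE id = :id"),
    "SET_QTY": ({"id": ID, "qty": QTY},
                "UPDATE orders SET qty = :qty WHERE id = :id AND status = 'open'"),
}
MAX_LINE = 64


def parse(line):
    """Return (verb, params) for a well-formed request, or None."""
    if len(line) > MAX_LINE or not line.isascii():
        return None
    verb, *args = line.split(" ")
    if verb not in GRAMMAR:
        return None
    fields, _sql = GRAMMAR[verb]
    if len(args) != len(fields) or not all(
            p.fullmatch(a) for p, a in zip(fields.values(), args)):
        return None
    return verb, {name: int(a) for name, a in zip(fields, args)}


def handle(db, line):
    """Backend side of the link: only the fixed statements reach the database."""
    parsed = parse(line)
    if parsed is None:
        return "ERR"
    verb, params = parsed
    cur = db.execute(GRAMMAR[verb][1], params)
    if verb == "ORDER_STATUS":
        row = cur.fetchone()
        return "OK " + row[0] if row else "NONE"
    db.commit()
    return "OK" if cur.rowcount == 1 else "NONE"


def demo_db():
    """Constructed sample data for the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT, qty INTEGER)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "open", 1), (2, "shipped", 3)])
    return db
```

The web server side never composes a query; it can only emit a line such as `ORDER_STATUS 1`, and anything outside the grammar is answered with `ERR` without touching the database.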