Subject: Re: security for netbsd as web server
To: matthew sporleder <>
From: Steven M. Bellovin <>
List: netbsd-users
Date: 03/25/2005 22:06:50
In message <>, matthew sporleder writes:
>Is this newspeak that only allows strictly defined sql's across the
>link in existence, or is it just theory?

As I noted originally:
>>   Don't speak anything as
>> powerful as sql over that link; instead, it should be a very
>> narrowly-defined application-specific language.  My usual term for that
>> language is "newspeak", named after Orwell's 1984: the language where
>> it was impossible to think a disloyal thought.  Here, it should be a
>> language where you can't utter an insecure thought. 

it's application-specific.  I don't think it's possible to write a 
general language to do this, and design of the particular one is an art.

		--Prof. Steven M. Bellovin,
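
The idea described in the message above, sketched as an added example that is not part of the original post or of any existing tool: a back-end handler that accepts only a closed set of request verbs from the web server, each bound to one fixed parameterized statement. The verbs, the orders table and the argument patterns are assumptions invented for an imaginary order-lookup application.

```python
import re
import sqlite3

# Hypothetical grammar: verb -> (fixed statement, [(argument pattern, converter)]).
# Nothing outside this table can be expressed over the link.
GRAMMAR = {
    "GET_ORDER": ("SELECT id, item, qty FROM orders WHERE id = ?",
                  [(r"[0-9]{1,9}", int)]),
    "ADD_ORDER": ("INSERT INTO orders (item, qty) VALUES (?, ?)",
                  [(r"[a-z0-9-]{1,32}", str), (r"[0-9]{1,3}", int)]),
}

class Rejected(Exception):
    """Raised for any request line the grammar cannot express."""

def handle(db, line):
    """Parse one request line from the web tier and run the statement bound to its verb."""
    if len(line) > 128 or not line.isascii():
        raise Rejected("malformed line")
    verb, *args = line.split(" ")
    if verb not in GRAMMAR:
        raise Rejected("unknown verb")
    sql, spec = GRAMMAR[verb]
    if len(args) != len(spec):
        raise Rejected("wrong argument count")
    values = []
    for arg, (pattern, convert) in zip(args, spec):
        if not re.fullmatch(pattern, arg):
            raise Rejected("bad argument")
        values.append(convert(arg))
    rows = db.execute(sql, values).fetchall()  # values are bound, never spliced into SQL
    db.commit()
    return rows

def demo():
    """Run constructed sample requests against an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT, qty INTEGER)")
    handle(db, "ADD_ORDER widget-7 3")
    rows = handle(db, "GET_ORDER 1")
    rejected = []
    for line in ["SELECT * FROM orders", "GET_ORDER 1 OR 1=1", "GET_ORDER 1;--"]:
        try:
            handle(db, line)
        except Rejected as exc:
            rejected.append(str(exc))
    return rows, rejected

if __name__ == "__main__":
    print(demo())
```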