Subject: Re: security for netbsd as web server
To: matthew sporleder <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 03/25/2005 22:06:50

In message <email@example.com>, matthew sporleder writes:
>Is this newspeak that only allows strictly defined sql's across the
>link in existence, or is it just theory?
As I noted originally:
>> Don't speak anything as
>> powerful as sql over that link; instead, it should be a very
>> narrowly-defined application-specific language. My usual term for that
>> language is "newspeak", named after Orwell's 1984: the language where
>> it was impossible to think a disloyal thought. Here, it should be a
>> language where you can't utter an insecure thought.
it's application-specific. I don't think it's possible to write a
general language to do this, and design of the particular one is an art.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
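
An added illustration of the idea in this message, not part of the original post and not the author's code: a database-side gateway that accepts only a tiny, application-specific request language instead of SQL. The order-status application, the verbs `GET_ORDER`, `LIST_ORDERS` and `ADD_NOTE`, the table layout and the sample rows are all assumptions constructed for this example.

```python
import re
import sqlite3

# Hypothetical language for an order-status application (an assumption made
# for this example). One request per line: VERB, then strictly typed args.
# Each verb maps to exactly one fixed, parameterized statement.
DIGITS = r"(\d{1,9})"
GRAMMAR = {
    "GET_ORDER": (re.compile(DIGITS), (int,),
                  "SELECT id, status FROM orders WHERE id = ?"),
    "LIST_ORDERS": (re.compile(DIGITS), (int,),
                    "SELECT id, status FROM orders WHERE customer = ? ORDER BY id"),
    "ADD_NOTE": (re.compile(DIGITS + r" ([A-Za-z0-9 .,-]{1,80})"), (int, str),
                 "INSERT INTO notes (order_id, body) VALUES (?, ?)"),
}

class Rejected(Exception):
    """The request is not a sentence of the language."""

def handle(db, line):
    """Parse one request line and run only the statement fixed for its verb."""
    if len(line) > 128 or not line.isascii():
        raise Rejected("bad framing")
    verb, _, rest = line.partition(" ")
    if verb not in GRAMMAR:
        raise Rejected("unknown verb")
    pattern, types, statement = GRAMMAR[verb]
    match = pattern.fullmatch(rest)  # whole argument string must match
    if match is None:
        raise Rejected("malformed arguments")
    args = [convert(text) for convert, text in zip(types, match.groups())]
    cur = db.execute(statement, args)  # the peer never supplies SQL text
    db.commit()
    return cur.fetchall()

def demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer INTEGER, status TEXT);
        CREATE TABLE notes (order_id INTEGER, body TEXT);
        INSERT INTO orders VALUES (1, 7, 'shipped'), (2, 7, 'pending'), (3, 9, 'pending');
    """)
    return db
```

Anything the grammar does not name, including raw SQL, extra tokens after a valid argument, or characters outside the note alphabet, is rejected before the database sees it.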