Confirmed users, Bureaucrats and Sysops emeriti
419
edits
Security:Security Checks In Glue: Difference between revisions
Jump to navigation
Jump to search
Security:Security Checks In Glue (view source)
Revision as of 01:17, 10 October 2006
, 10 October 2006Mention Oink/Cqual++ static analysis
(Mention Oink/Cqual++ static analysis) |
|||
| Line 27: | Line 27: | ||
The most obvious drawback is that you don't get a defence-in-depth setup. That is, once something gets into C++ code, there are no more security checks. This means that JS-accessible methods have to be written with a bit of care, with all codepaths out of them examined and corresponding security checks done up front. | The most obvious drawback is that you don't get a defence-in-depth setup. That is, once something gets into C++ code, there are no more security checks. This means that JS-accessible methods have to be written with a bit of care, with all codepaths out of them examined and corresponding security checks done up front. | ||
(We can use Oink and Cqual++ [http://www.cubewano.org/oink/quickstart.html] with qualifiers we use to decorate the glue code, and statically check for bad code paths. /be) | |||
= Implementation notes = | = Implementation notes = | ||