Sign In

Communications of the ACM

ACM TechNews

How Safe Are Perl, Php, and Ruby? The Experts Weigh In


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The new Mozilla-developed programming language Rust is being touted for its security.

The biggest names in PHP, Perl, and Ruby speak up about what's safe--and not--in their languages.

Credit: Thinkstock

The new Mozilla-developed programming language Rust is being touted for its intrinsic security, a claim that is very attractive in the wake of major vulnerabilities such as Heartbleed. However, when it comes to programming languages, security is very often a function of how security-minded a given programmer is.

Many developers of programming languages are quick to defend the security of their language. Larry Wall, the inventor of Perl, says his language includes many features that make it difficult for vulnerabilities to manifest themselves, and is easily upgradeable so vulnerabilities can quickly be patched. Zeev Suraski, chief technology officer of PHP development toolmaker Zend, says PHP also has measures that make it secure, but admits they do not guarantee against vulnerabilities, which tend to manifest in accessing end-user data and database queries. Ruby's creator Yukihiro Matsumoto says the language is more secure than C, but Ruby's biggest security issues occur when it is used imperfectly, in particular in the ways the code interacts with other data.

Ultimately, the relative security of one programming language over another is no guarantee and programmers must still be diligent in ensuring the code they write is secure.

From InfoWorld
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account