A type-based solution to the "strings problem": a fitting end to XSS and SQL-i... - The Diigo Meta page

• 12 Dec 11
  

  Jacques Bosch

  "Why are so many sites vulnerable to these well-known holes? Probably because it’s insanely hard for programmers to solve the fundamental “strings problem” at the heart of these vulnerabilities. The problem itself is easy to understand, but we humans aren’t equipped to carry out the solution. Simply put, we just plain suck at keeping a bazillion different strings straight in our heads, let alone consistently and reliably rendering their interactions safe whenever they cross paths in a modern web application. It’s easy to say, “just escape the darn things,” but it’s hard to get it right, every single time."

  dev architecture

• 03 Oct 11
  

  putnamk

  xss type-system

• 15 Feb 11
  

  pradheap

  haskell sql programming security development web xml article strings xss

• 21 Dec 10
  

  andy lam

  Web Security_SSL

• 09 Dec 09
  

  Ricardo Lima

  haskell security programming xss sql xml

• 18 Jun 08
  

  infrared

  haskell web security sql research

• 31 Oct 07
  

  ex dev

  programming haskell

• 07 Nov 06
  

  spookylukey

  haskell webdev types XSS sql

• 05 Nov 06
  

  jason m

  haskell type safety injection vulnerability for:catblade

• 30 Oct 06
  

  xgavin

  long article on making haskell pay off

  software development programming haskell tutorial reference

• 24 Oct 06
  

  schwern

  security code

• 21 Oct 06
  

  mccraig mccraig

  haskell string type xss sql injection attack security vulnerability

• 19 Oct 06
  

  Thomas Neumann

  haskell programming security webdev delicious

• 

  botjebotje

  haskell strings safe escape types data programming

Would you like to comment?

Join Diigo for a free account, or sign in if you are already a member.