[Haskell-cafe] Re: A suggestion for the next high profile Haskell project [Was: Re: What is a hacker?]

Joachim Durchholz jo at durchholz.org
Sun Dec 17 18:14:36 EST 2006


Magnus Therning schrieb:
> There is of course the possibility that Haskell would bring a whole slew
> of yet-to-be-determined security issues.  I doubt it will be worse than
> C though.

Haskell might be prone to denial-of-service attacks. E.g. sending it 
data that cause it to evaluate an infinite data structure.
Of course, any algorithm might run into an endless loop :-)
Still, I'd want to have the results of a strictness analysis attached to 
Haskell software.

That said, Haskell should be a *lot* more safe than C.
Denial-of-service is something that one should take active precautions 
against, but it's still a far cry from the code injection 
vulnerabilities that come with most C software...

Then again, avoiding global state and using a language with garbage 
collection, a strong type discipline and checked pointer dereferencing 
(say: Java, Ruby, Python, whatever) would probably go a far way towards 
safer software, even if it's not an FPL.

Regards,
Jo



More information about the Haskell-Cafe mailing list