Wyvern, the Esperanto of programming languages



Researchers are developing a programming language capable of integrating multiple languages into one. Its name is Wyvern, and it aims to solve security problems.

Computer scientists from Carnegie Mellon University have devised a method of using multiple programming languages in the same program, allowing developers to use the most appropriate language for each function. This concept makes it possible to protect services against code injection attacks, one of the most serious threats a Web application may face today.

At the ISR (Institute for Software Research), Professor Jonathan Aldrich is developing a programming language called Wyvern, which makes it possible to build pages and Web applications using multiple programming languages in one, each focused on its own area. That way, you could use SQL to send requests to databases, HTML to lay out pages, and so on. These act as a kind of sublanguage. To better understand the concept, one of the developers made the following analogy:

We could say that Wyvern is a skillful negotiator, able to easily switch between languages so that a group of people can work well together. I think our new approach can have a big impact on the way that has been developed so far.
– Jonathan Aldrich, associate professor at the ISR

Wyvern determines the sublanguage being used in the program from the data types the programmer is manipulating. The types specify the format of the data, whether alphanumeric characters or more complex data structures, such as a request for data sent to a database from a Web page.

Its goal is to increase security

When we build a website, we will probably end up using many different languages. The text we read and the images we see are laid out using HTML or CSS, perhaps fetched through requests to a database from PHP or perhaps by loading files directly from the server. The suggestions that appear as we type in the search bar of many Web applications, and the page that loads automatically as a result, are made possible by JavaScript (usually combined with languages such as PHP or Python). Chances are that if we log in to our accounts on websites or buy articles online, what we are doing is sending direct SQL requests to a database.

A common practice is to copy strings together to form commands in a specialized language like SQL. If not implemented correctly, this practice can leave our project vulnerable to two of the most serious security threats it could face today: cross-site scripting and SQL injection attacks. In the latter case, for example, an attacker could use a simple login form to insert the DROP TABLE command, which could eliminate vital information from the database.

Avoiding this type of security problem requires care, experience and testing, but a language specialized for this, such as Wyvern, could make our work easier. Wyvern understands and identifies the different languages from the context of the data, and treats objects as literals (fixed values). Thus, following the example above, instead of using a special function to pass the values, we directly use SQL code. Understanding the concept can be tricky, but we can get an idea by looking at some code examples.
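The contrast described above, as an added example in Python with sqlite3 (not Wyvern code and not from the original article): a login query built by copying strings, next to one expressed as a typed `SQL` value whose data never becomes command text. The `SQL` class, the function names and the sample input are constructed for illustration, and `executescript` stands in for a driver that accepts stacked statements.

```python
import sqlite3
from dataclasses import dataclass

# Constructed input: the DROP TABLE login-form case the article describes.
HOSTILE_NAME = "x'; DROP TABLE users; --"

@dataclass(frozen=True)
class SQL:
    """A query as a typed value: fixed SQL text, with the data kept apart from it."""
    text: str
    params: tuple = ()

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def table_exists(db):
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    return db.execute(sql).fetchone()[0] == 1

def login_by_concatenation(db, name, password):
    """Vulnerable: user input is copied into the command string itself."""
    query = ("SELECT count(*) FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    # Assumption: executescript stands in for a driver that runs stacked statements.
    db.executescript(query)
    return query

def run(db, query):
    """Hardened: only SQL values are accepted, so a pasted-together str is rejected."""
    if not isinstance(query, SQL):
        raise TypeError("expected SQL, got " + type(query).__name__)
    return db.execute(query.text, query.params).fetchall()

def login_typed(db, name, password):
    q = SQL("SELECT count(*) FROM users WHERE name = ? AND password = ?",
            (name, password))
    return run(db, q)[0][0] == 1

def demo():
    weak, safe = new_db(), new_db()
    login_by_concatenation(weak, HOSTILE_NAME, "anything")    # input becomes a command
    denied = not login_typed(safe, HOSTILE_NAME, "anything")  # input stays data
    return table_exists(weak), table_exists(safe), denied
```

`demo()` reports whether the `users` table survived in each database and whether the typed login refused the hostile input.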

Wyvern is not finished yet; it has only been implemented at a basic level, so many functions have not been fully developed. To find out what happens behind the scenes of the project, you can visit its page on GitHub. Anything that helps solve security problems is welcome. However, I miss friendlier documentation that shows in practice the concepts proposed by the developers of the Wyvern language. The closest thing to this is the research papers, which are not very digestible. For now, we look forward to bringing new products to be







Hipertextual

February 5, 2015

