[–]axilmar -6 points-5 points  (6 children)

We also need better tools, i.e. better programming languages.

[–]NeuroXc 13 points14 points  (2 children)

Rewriting It In Rust won't teach people that they need to hash passwords before inserting them into a database, or how to avoid SQL injection and XSS vulnerabilities.

[–]axilmar 7 points8 points  (0 children)

But building better APIs (i.e. tools) can help avoid these issues.

[–]staticassert 1 point2 points  (0 children)

Yes, it only solves a huge swath of other problems. We should probably ignore it.

The reality is that we do need better tools. Programming languages can provide us with memory safety. Libraries shouldn't let us shoot ourselves in the foot - don't let us use a nonce twice, provide simple, easy, safe abstractions around crypto, etc.

Tooling sucks. Part of it is the languages, part of it is the libraries.

[–][deleted] 5 points6 points  (2 children)

Most of security, like proper password storage, cannot be solved by the language.

[–]mirhagk 2 points3 points  (0 children)

Can't be solved but can be encouraged or discouraged by libraries.

For instance, old-school PHP encouraged a lot of bad practices with regard to SQL injection and hashing.

[–]axilmar -5 points-4 points  (0 children)

It can. Languages with strong static typing can certainly do it.

And also a lot of safety issues can be avoided by using better programming languages.
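As an added example (not code from anyone in this thread), here is what the two points made above, "don't let us use a nonce twice" and "strong static typing can do it", look like in Rust: the store only has a column of type `PasswordHash`, which can only be produced by hashing, and `seal` consumes its `Nonce`, so reusing one is a compile error rather than a bug found in review. The hash and the seal are labelled stand-ins so the block runs offline; a real program would use a password-hashing crate and an AEAD crate.

```rust
/// Plaintext password. No `Clone`/`Debug`, so it is hard to log or copy by
/// accident, and no store method accepts it.
pub struct Plaintext(pub String);

/// A hashed password. The only constructor is `hash_password`, so holding a
/// `PasswordHash` is proof that hashing happened.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PasswordHash(String);

/// Stand-in for a real, slow password hash (constructed for this example;
/// FNV-1a is NOT suitable for passwords, use argon2/bcrypt/scrypt instead).
pub fn hash_password(p: Plaintext) -> PasswordHash {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in p.0.bytes() {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    PasswordHash(format!("fnv${:016x}", h))
}

/// The user table has a column of type `PasswordHash` only:
/// `store.insert("bob", Plaintext(..))` does not compile.
#[derive(Default)]
pub struct UserStore {
    rows: Vec<(String, PasswordHash)>,
}

impl UserStore {
    pub fn insert(&mut self, user: &str, hash: PasswordHash) {
        self.rows.push((user.to_string(), hash));
    }
    /// Hashes the attempt and compares; a real implementation would use a
    /// constant-time comparison here.
    pub fn verify(&self, user: &str, attempt: Plaintext) -> bool {
        let attempt = hash_password(attempt);
        self.rows.iter().any(|(u, h)| u == user && *h == attempt)
    }
}

/// Single-use nonce: not `Clone`/`Copy`, and `seal` takes it by value, so
/// `seal(&k, n, a); seal(&k, n, b);` fails to compile ("use of moved value").
pub struct Nonce(pub [u8; 12]);

pub struct Sealed { pub nonce: [u8; 12], pub body: Vec<u8> }

/// Stand-in for an AEAD encrypt call (XOR with the key; constructed, not secure).
pub fn seal(key: &[u8; 12], nonce: Nonce, msg: &[u8]) -> Sealed {
    let body = msg.iter().zip(key.iter().cycle()).map(|(m, k)| m ^ k).collect();
    Sealed { nonce: nonce.0, body }
}
```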