SQL Injection attacks are impossible to do against a Perl application ... so long as you use DBI's placeholders.
Hmm... Let's rephrase that a tad...
Buffer overflow attacks are impossible to do against a C application ... so long as you use malloc and free properly.
...
Ruby is the exact same way - there's even a section on it in the Ruby on Rails book. It says (and I paraphrase) "Use DBI placeholders to make SQL Injection attacks impossible."
But Ruby and SQL don't take a language-level approach to security, right? I'm only wondering if there is any evidence to back up the OP's claim that security isn't a language issue (which I read as "security can't be a language issue"). Maybe you can pinpoint your stance on the issue...
- Security hasn't been incorporated into a popular language yet, so it must be hard or impossible (let's ignore things like Java applets for now).
- Language based security isn't possible for theoretical reasons X, Y, and Z. (As found out by the creators of languages Foo, Bar, and Baz when they crashed and burned. See their research papers).
- Language based security is possible, but it is really hard or makes a language cumbersome to use (See also the experiences from the Foo Project)
- Language enabled security is too expensive for some reason. It is almost always cheaper to fix it when it breaks.
- Other
...of course, I pretty much think that any idea could be made into a language issue, if so desired. See also:
The Role of the Study of Programming Languages in the Education of a Programmer.
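The placeholder point the post opens with, as an added example that is not part of the original post or of DBI itself: the same lookup written once with string interpolation and once with a DBI placeholder, run against a constructed in-memory table. It assumes DBI and DBD::SQLite are installed; the table, rows, and the hostile input string are all made up here.

```perl
#!/usr/bin/perl
# Added example (not from the post): one lookup, two ways.
# Assumes DBI and DBD::SQLite; the users table and its rows are
# constructed here so the script runs offline against :memory:.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (name TEXT, role TEXT)");
my $ins = $dbh->prepare("INSERT INTO users (name, role) VALUES (?, ?)");
$ins->execute(@$_) for (["alice", "admin"], ["bob", "user"], ["o'neil", "user"]);

# Vulnerable: the caller's string becomes part of the SQL text,
# so any quote or keyword in it is parsed as SQL.
sub find_user_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT name, role FROM users WHERE name = '$name'";
    return $dbh->selectall_arrayref($sql);
}

# Safe: the string is bound to a placeholder after the statement is
# parsed, so it can only ever be compared as a value.
sub find_user_placeholder {
    my ($dbh, $name) = @_;
    my $sql = "SELECT name, role FROM users WHERE name = ?";
    return $dbh->selectall_arrayref($sql, undef, $name);
}

my $benign  = "bob";
my $hostile = "' OR '1'='1";   # constructed attacker input

printf "interpolated, benign : %d row(s)\n",
    scalar @{ find_user_interpolated($dbh, $benign) };
# the OR clause is now part of the WHERE condition
printf "interpolated, hostile: %d row(s)\n",
    scalar @{ find_user_interpolated($dbh, $hostile) };
printf "placeholder,  benign : %d row(s)\n",
    scalar @{ find_user_placeholder($dbh, $benign) };
# the whole string is compared against the name column as data
printf "placeholder,  hostile: %d row(s)\n",
    scalar @{ find_user_placeholder($dbh, $hostile) };

# Interpolation also mishandles legitimate data: an apostrophe in the
# name breaks the quoting, and RaiseError turns that into a die.
eval { find_user_interpolated($dbh, "o'neil") };
print "interpolated, o'neil : ", ($@ ? "SQL error" : "ok"), "\n";
print "placeholder,  o'neil : ",
    scalar @{ find_user_placeholder($dbh, "o'neil") }, " row(s)\n";
```

One caveat a practitioner will want alongside the post's "impossible": placeholders bind values only. A table or column name, or an ORDER BY direction, cannot be a `?`, so code that builds those parts of a statement from caller input has to validate them against a fixed allow-list instead. That is the sense in which the library makes the mistake hard rather than unexpressible, which is the distinction the rest of the post is asking about.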