[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Programming language for anonymity network

On 18/04/14 11:30, Aymeric Vitte wrote:
> - nodejs is easy to audit (assuming that modules like V8 can be
> audited), you can override node's functions/objects if you like

Actually, in my mind, that's one point against safety of Node.js
applications. Redefining, say, Array.prototype.forEach is a good way to
introduce hard-to-track bugs. Doubly so if this is done silently by
importing a package (almost sure the latter is possible, but I haven't
actually checked).


David Rajchenbach-Teller, PhD
 Performance Team, Mozilla

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to