[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Programming language for anonymity network



On 18/04/14 11:30, Aymeric Vitte wrote:
[...]
> - nodejs is easy to audit (assuming that modules like V8 can be
> audited), you can override node's functions/objects if you like
[...]

Actually, in my mind, that's one point against safety of Node.js
applications. Redefining, say, Array.prototype.forEach is a good way to
introduce hard-to-track bugs. Doubly so if this is done silently by
importing a package (almost sure the latter is possible, but I haven't
actually checked).

Cheers,
 David

-- 
David Rajchenbach-Teller, PhD
 Performance Team, Mozilla

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk