[liberationtech] [tor-talk] Programming language for anonymity network
David Rajchenbach-Teller
dteller at mozilla.com
Fri Apr 18 02:34:24 PDT 2014
On 18/04/14 11:30, Aymeric Vitte wrote:
[...]
> - nodejs is easy to audit (assuming that modules like V8 can be
> audited), you can override node's functions/objects if you like
[...]
Actually, in my mind, that's one point against safety of Node.js
applications. Redefining, say, Array.prototype.forEach is a good way to
introduce hard-to-track bugs. Doubly so if this is done silently by
importing a package (almost sure the latter is possible, but I haven't
actually checked).
Cheers,
David
--
David Rajchenbach-Teller, PhD
Performance Team, Mozilla
More information about the liberationtech
mailing list