[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [was] WAS Protect update
> This looks nice. Its along the lines of what I have been thinking, but > havent had any time to convey to anyone. The only issue I might bring up > is that instead of creating a whole new language to write the protection > detectors in could we use something like JavaScript? The rhino engine > from mozilla would make it pretty easy to create an engine for this in > both Java and C... It's a valid point, and one I've been wrestling with myself. Here's how I see the problem (from the point of view of my previous email): CONS * New language to learn. It is XML but still an engine needs to be developed. * XML syntax is not quite suitable for a programming language. In order to keep it simple I've tried to limit the number of constructs. This makes Javascript much more powerful. Will these construct be enough to satisfy our future needs? PROS * Is it realistic to have a JS interpreter embedded in a Web server? I have doubts about the size and doubts about the speed of execution. The simplicity of the new language works for us because rules can be translated into fast p-code. * I don't think Javascript is something web servers administrators will want to use (then again, the XML syntax isn't much better either). * It's likely vendors will have their own proprietary signatures. Converting among them will probably not be possible with Javascript. ... The points above convinced me to go with the XML syntax. They didn't make me happy, though. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]