Contribution to Book
Designing a Secure Programming Language
Handbook of Information and Communication Security (2010)
  • Thomas H. Austin, University of California, Santa Cruz
Abstract
In this chapter, we will review security issues from the perspective of a language designer. Preventing inexperienced or careless programmers from creating insecure applications by focusing on careful language design is central to this discussion. Many of these concepts are also applicable to framework designers.
Considering the design of either a specialized language or a framework in a more general-purpose language enables us to make specific assumptions about developers, or the type of applications they create. For example, architects of both PHP and Ruby on Rails largely face the same set of security issues.
Section 35.2 will cover code injection attacks and the approaches available to guard against them at a language/framework level. Section 35.3 will delve into protections that prevent buffer overflow vulnerabilities, including some not traditionally used in safe languages. Section 35.4 will focus on client-side programming, specifically contrasting the approaches used by Java applets and JavaScript. Section 35.5 will cover the application of metaobject protocols and aspect-oriented programming to security, and the types of new security risks they may create.
Keywords
  • Lution,
  • Arena,
  • Boulder,
  • Defend,
  • Ruby
Publication Date
2010
Editor
Peter Stavroulakis and Mark Stamp
Publisher
Springer
ISBN
978-3-642-04116-7
DOI
10.1007/978-3-642-04117-4
Citation Information
Thomas H. Austin. "Designing a Secure Programming Language" Berlin, Heidelberg. Handbook of Information and Communication Security (2010) p. 771 - 785
Available at: http://works.bepress.com/thomas_austin/24/