[openvas-discuss] Future enhancements: plugins in perl??
jan at intevation.de
Wed Nov 23 10:11:43 CET 2005
On Wed, Nov 23, 2005 at 12:35:20AM -0500, oxdeadbeef <oxdeadbeef at pit-of-despair.com> wrote:
> On Tue, 22 Nov 2005, stripes wrote:
> > On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
> > I agree, something like SecurePerl (stripped down for
> > security purposes) would be very cool.
> I dont see the point of actually stripping it down. That then would limit
> the use of the language. The application is testing for security
> vulnerabilities by *any* means. Sure certain places in the core *have* to
> be secure code. But limiting a language would just defeat the
> purpose of using it in the first place. NASL is limited and lacks alot of
> functionality, but yet it still can be used maliciously.
the plugin scripts should have a stripped environment.
The Server of course not.
The example I am having in mind is Zope - they solved
this quite nicely.
Jan-Oliver Wagner: www.intevation.de/~jan | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban : thuban.intevation.org
Intevation GmbH : www.intevation.de | Kolab : www.kolab.org
FreeGIS : www.freegis.org | GAV : www.grass-verein.de
More information about the Openvas-discuss