[openvas-discuss] Future enhancements: plugins in perl??
weave at avanton.com
Wed Nov 23 15:38:56 CET 2005
This thread has all the necessary trappings for becoming a flame war,
yet it didn't. I'm impressed.
Instead of focusing on replacing NASL with language X, it might be
better to work on a framework that would allow language X, Y, and Z to
co-exists with NASL. This way we don't punish people who have already
invested in learning NASL, nor run off potential contributions because
OpenVAS only supports a language they dislike.
Jan-Oliver Wagner [jan at intevation.de] wrote on Wed, Nov 23, 2005 at 10:11:43AM +0100:
> On Wed, Nov 23, 2005 at 12:35:20AM -0500, oxdeadbeef <oxdeadbeef at pit-of-despair.com> wrote:
> > On Tue, 22 Nov 2005, stripes wrote:
> > > On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
> > > I agree, something like SecurePerl (stripped down for
> > > security purposes) would be very cool.
> > I dont see the point of actually stripping it down. That then would limit
> > the use of the language. The application is testing for security
> > vulnerabilities by *any* means. Sure certain places in the core *have* to
> > be secure code. But limiting a language would just defeat the
> > purpose of using it in the first place. NASL is limited and lacks alot of
> > functionality, but yet it still can be used maliciously.
> the plugin scripts should have a stripped environment.
> The Server of course not.
> The example I am having in mind is Zope - they solved
> this quite nicely.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Openvas-discuss